diff --git a/elk_metrics_6x/installAuditbeat.yml b/elk_metrics_6x/installAuditbeat.yml
index bafe2e60..9dda2e59 100644
--- a/elk_metrics_6x/installAuditbeat.yml
+++ b/elk_metrics_6x/installAuditbeat.yml
@@ -44,18 +44,10 @@
         src: templates/auditbeat.yml.j2
         dest: /etc/auditbeat/auditbeat.yml
 
-    - name: Stop auditd
-      systemd:
-        name: "auditd"
-        enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
-        state: stopped
-      when:
-        - not apply_security_hardening | default(true) | bool
-
     - name: Enable and restart auditbeat
       systemd:
         name: "auditbeat"
-        enabled: "{{ not inventory_hostname in groups['kibana'] | default([]) }}"
+        enabled: "true"
         state: restarted
 
   tags:
diff --git a/elk_metrics_6x/installElastic.yml b/elk_metrics_6x/installElastic.yml
index 635de75a..c7d8adc2 100644
--- a/elk_metrics_6x/installElastic.yml
+++ b/elk_metrics_6x/installElastic.yml
@@ -35,7 +35,7 @@
             elasticsearch_node_ingest: false
             elastic_heap_size: "{{ (elastic_heap_size | int) // 3 }}"
       when:
-        - inventory_hostname in groups['kibana']
+        - inventory_hostname in (groups['kibana'] | difference(groups['elastic-logstash']))
       tags:
         - always