diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml 
index f894eacfd990..d6c2ed6df1d8 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml 
@@ -64,7 +64,7 @@ template:
 - /usr/lib/
 - /usr/lib64/
 recursive: 'true' 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 file_regex: ^.*\.so.*$
 {{% else %}}
 file_regex: ^.*$ 
@@ -74,9 +74,15 @@ template:
 fixtext: |-
 Configure the system-wide shared library files (/lib, /lib64, /usr/lib and /usr/lib64) to be protected from unauthorized access. 
+{{%- if 'ubuntu' in product %}} 
+ Run the following command: 
+ 
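Review bot: Adding Ubuntu to the `.so` branch narrows the automated check from every regular file under the four library directories (`file_regex: ^.*$`) to names containing `.so`, so helper executables, scripts and interpreter modules that packages install under /usr/lib are no longer checked for root ownership; the same narrowing is made in the file_permissions_library_dirs and root_permissions_syslibrary_files rule.yml hunks. Nothing in the rule records why these products get the narrower scope (presumably to match benchmark wording that speaks of shared library files), so the next product is likely to be added by copy-paste. A one-line comment above the condition would carry that decision, e.g. `# Products whose benchmark limits this rule to shared objects; all other products check every file.`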
$ sudo find /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' ! -user root -exec chown root {} +
+{{%- else %}}
 Run the following command, replacing "[FILE]" with any library file not owned by "root".
 $ sudo chown root [FILE] 
+{{%- endif %}}
 srg_requirement:
 {{{ full_name }}} library files must be owned by root. 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh 
index 07b5f77cc290..c552b5eacd68 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh 
@@ -2,7 +2,7 @@
 # platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_almalinux
 useradd user_test 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 for TESTFILE in /lib/test_me.so /lib64/test_me.so /usr/lib/test_me.so /usr/lib64/test_me.so
 {{% else %}}
 for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh 
index 8dededef2316..a8e577464bfc 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh 
@@ -6,7 +6,7 @@ useradd user_test
 TESTDIR="/usr/lib/dir/"
 mkdir -p "${TESTDIR}" 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 touch "${TESTDIR}"/test_me.so
 chown user_test "${TESTDIR}"/test_me.so
 {{% else %}} 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml 
index 840e8ab35a16..7f541885a066 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml 
@@ -64,7 +64,7 @@ template:
 - /usr/lib/
 - /usr/lib64/
 recursive: 'true' 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 file_regex: ^.*\.so.*$
 {{% else %}}
 file_regex: ^.*$ 
@@ -72,9 +72,15 @@ template:
 filemode: '7755'
 fixtext: |- 
+{{%- if 'ubuntu' in product %}} 
+ Configure the systemwide shared library files contained in the directories "/lib", "/lib64", "/usr/lib", and "/usr/lib64" to have mode 0755 or less permissive with the following command: 
+ 
$ sudo find /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' -perm /022 -exec chmod go-w {} +
+{{%- else %}}
 Configure the library files to be protected from unauthorized access.
 Run the following command, replacing "[FILE]" with any library file with a mode more permissive than 755.
 $ sudo chmod 755 [FILE] 
+{{%- endif %}}
 srg_requirement:
 {{{ full_name }}} library directories must have mode 755 or less permissive. 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/lenient_permissions.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/lenient_permissions.fail.sh 
index f95ab977d6ec..d992d957b68f 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/lenient_permissions.fail.sh 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/tests/lenient_permissions.fail.sh 
@@ -4,7 +4,7 @@ DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
 # Limit the test changes to a subset of file in the directory
 # Remediation the whole library dirs is very time consuming 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 find "$dirPath" -type f -regex ".*\.so" -exec chmod go+w '{}' \;
 {{% else %}}
 find "$dirPath" -type f -regex ".*\.txt" -exec chmod go+w '{}' \; 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/ubuntu.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/ubuntu.sh 
deleted file mode 100644 
index 3f6a097a88d0..000000000000 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/ubuntu.sh 
+++ /dev/null 
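Review bot: The new Ubuntu text promises "mode 0755 or less permissive", but `filemode: '7755'` at the top of this hunk appears to tolerate setuid/setgid/sticky bits and `chmod go-w` deliberately leaves them alone, so a 4755 library passes the check while the fixtext tells the reader it is out of spec; the srg_requirement line below says 755 as well. Phrase the target as what the command enforces, e.g. `... to have no group or world write permission (mode 7755 or less permissive) with the following command:`, or keep 0755 and align the check and the command with it. `-perm /022 -exec chmod go-w {} +` is otherwise a better remediation than a blanket `chmod 755`, since it clears only the offending bits and adds no execute permission to data files.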
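Review bot: `-regex ".*\.so"` only touches files whose name ends in exactly `.so`, so the versioned `libfoo.so.N` names that the rule's `^.*\.so.*$` regex covers on Ubuntu are never exercised, and on an image where the unversioned names are mostly -dev package symlinks (skipped by `-type f`) the loop may modify very few files. `-regex ".*\.so.*"` keeps the intent and mirrors the rule, and `-exec chmod go+w '{}' +` would be cheaper than `\;` given the "very time consuming" comment above. The for loop is closed outside the hunk.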
@@ -1,2 +0,0 @@ 
-# platform = multi_platform_ubuntu 
-find /lib/ /lib64/ /usr/lib/ /usr/lib64/ \! -gid -{{{ gid_min }}} -type f -exec chgrp --no-dereference root '{}' \; 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/oval/ubuntu.xml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/oval/ubuntu.xml 
deleted file mode 100644 
index 37f6972f78d3..000000000000 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/oval/ubuntu.xml 
+++ /dev/null 
@@ -1,29 +0,0 @@ 
- 
- 
- {{{ oval_metadata("Verify the system-wide library files in directories /lib, /lib64, /usr/lib/ and /usr/lib64 are group-owned by root.", rule_title=rule_title) }}} 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- ^/(|usr/)lib(|64)$ 
- ^.*$ 
- state_groupowner_binaries_not_system_accounts 
- state_groupowner_root_path_dirs_symlink 
- 
- 
- 
- symbolic link 
- 
- 
- 
- {{{ gid_min }}} 
- 
- 
- 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml 
index 6ecf076cd2f5..91ea1c5933f6 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml 
@@ -1,12 +1,8 @@
 documentation_complete: true 
-{{% if 'ubuntu' in product -%}} 
-{{% set gid_description = ' or a required system account' -%}} 
-{{% endif -%}} 
-
 title: |-
 Verify the system-wide library files in directories 
- "/lib", "/lib64", "/usr/lib/" and "/usr/lib64" are group-owned by root{{{ gid_description }}}. 
+ "/lib", "/lib64", "/usr/lib/" and "/usr/lib64" are group-owned by root.
 description: |-
 System-wide library files are stored in the following directories 
@@ -17,7 +13,7 @@ description: |-
 /usr/lib64
 All system-wide shared library files should be protected from unauthorised 
- access. If any of these files is not group-owned by root{{{ gid_description }}}, 
+ access. If any of these files is not group-owned by root,
 correct its group-owner with the following command:
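Review bot: Removing `gid_description` silently tightens the rule on Ubuntu: library files group-owned by a system-account group, the case that `tests/excluded_groupowner.pass.sh` (deleted in this commit) asserted as passing, now fail, and neither the title nor the description says so. If the tightening is intended, record it where the next maintainer will look, e.g. a comment above `title:` such as `# Ubuntu used to accept system-account groups (gid below gid_min); it now requires root like every other product.`; if some Ubuntu packages do ship libraries with a non-root system group, expect findings that the removed OVAL deliberately excluded.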
$ sudo chgrp root FILE
@@ -50,14 +46,13 @@ references:
 stigid@sle12: SLES-12-010875
 stigid@sle15: SLES-15-010355 
-ocil_clause: any system wide shared library file is returned and is not group-owned by root{{{ gid_description }}} 
+ocil_clause: any system wide shared library file is returned and is not group-owned by root
 ocil: |- 
- Verify the system-wide shared library files are group-owned by root{{{ gid_description }}} with the following command: 
+ Verify the system-wide shared library files are group-owned by root with the following command:
 $ sudo find -L /lib /lib64 /usr/lib /usr/lib64 ! -group root -exec ls -l {} \; 
-{{% if "ubuntu" not in product %}}
 template:
 name: file_groupowner
 vars: 
@@ -66,21 +61,26 @@ template:
 - /lib64/
 - /usr/lib/
 - /usr/lib64/ 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 file_regex: ^.*\.so.*$
 {{% else %}}
 file_regex: ^.*$
 {{% endif %}}
 recursive: 'true'
 gid_or_name: '0' 
-{{% endif %}}
 fixtext: |-
 Configure the system-wide shared library files (/lib, /lib64, /usr/lib and /usr/lib64) to be protected from unauthorized access. 
- Run the following command, replacing "[FILE]" with any library file not group-owned by root{{{ gid_description }}}. 
+{{%- if 'ubuntu' in product %}} 
+ Run the following command: 
+ 
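Review bot: Once the template governs Ubuntu, the manual `ocil` check and the automated check disagree in scope for the `.so` products: `find -L … ! -group root` lists every file under the four directories (following symlinks), while the template evaluates only names matching `^.*\.so.*$`, so an assessor following the OCIL text reports files the scanner never looks at. Wrap the find line in the same `{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}` used for `file_regex`, with `$ sudo find -L /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' ! -group root -exec ls -l {} \;` in that branch and the current line in the else branch. The mismatch already existed for RHEL and OL; this hunk just extends it to Ubuntu.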
$ sudo find /lib /lib64 /usr/lib /usr/lib64 -type f -name '*.so*' ! -group root -exec chgrp root {} +
+{{%- else %}} 
+ Run the following command, replacing "[FILE]" with any library file not group-owned by root.
 $ sudo chgrp root [FILE] 
+{{%- endif %}}
 srg_requirement: 
- {{{ full_name }}} library files must be group-owned by root{{{ gid_description }}}. 
+ {{{ full_name }}} library files must be group-owned by root. 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/excluded_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/excluded_groupowner.pass.sh 
deleted file mode 100644 
index 575ffe353000..000000000000 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/excluded_groupowner.pass.sh 
+++ /dev/null 
@@ -1,15 +0,0 @@ 
-#!/bin/bash 
-# platform = multi_platform_ubuntu 
- 
-for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64 
-do 
- if [[ -d $SYSLIBDIRS ]] 
- then 
- find $SYSLIBDIRS ! -group root -type f -exec chgrp root '{}' \; 
- fi 
-done 
- 
-groupadd -r cac_sys 
-touch /lib/test_me 
- 
-chgrp cac_sys /lib/test_me 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh 
index c469a2f6e7fa..acb94170fa53 100644 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh 
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh 
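Review bot: Replacing the Ubuntu-only OVAL with the `file_groupowner` template drops a behaviour that had a dedicated test: the old object excluded symlinks via `state_groupowner_root_path_dirs_symlink`, and `tests/incorrect_symlink.pass.sh` (deleted here) asserted that a dangling symlink group-owned by a non-root group passes. Whether the template also ignores symlinks is not visible in this diff; if it does, that test is worth keeping for all products rather than deleting, and if it does not, Ubuntu may start reporting dangling links that the documented `find … -type f … -exec chgrp root {} +` will never repair. The fixtext command itself matches the template's `.so` regex and, by skipping symlinks, cannot retarget a link's destination, so the remediation side looks right.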
@@ -2,7 +2,7 @@
 # platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu,multi_platform_ol
 groupadd group_test 
-{{% if 'ol' in families or 'rhel' in product %}} 
+{{% if 'ol' in families or 'rhel' in product or 'ubuntu' in product %}}
 for TESTFILE in /lib/test_me.so /lib64/test_me.so /usr/lib/test_me.so /usr/lib64/test_me.so
 {{% else %}}
 for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_symlink.pass.sh 
deleted file mode 100644 
index 44616551e68d..000000000000 
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_symlink.pass.sh 
+++ /dev/null 
@@ -1,12 +0,0 @@ 
-#!/bin/bash 
-# platform = multi_platform_ubuntu 
- 
-groupadd group_test 
- 
-TESTDIR="/usr/lib64" 
- 
-mkdir -p "$TESTDIR" 
- 
-# The check ignores this symlink and results in pass 
-ln -s $TESTDIR/missing_test_file $TESTDIR/faulty_symlink 
-chgrp -h group_test $TESTDIR/faulty_symlink