diff --git a/files/aide_extra.conf b/files/aide_extra.conf
deleted file mode 100644
index 5c8586f9..00000000
--- a/files/aide_extra.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# Rules borrowed from CentOS/RHEL AIDE configuration
-# (SELinux was removed for Ubuntu compatibility.)
-FIPSR = p+i+n+u+g+s+m+c+acl+xattrs+sha256
-NORMAL = FIPSR+sha512
-
-# The following two lines apply the NORMAL rule (above this line) to the
-# /bin and /sbin directories to meet the requirements of two STIG controls:
-#
-# RHEL-07-021600 - Verify ACLs
-# RHEL-07-021610 - Verify extended attributes
-#
-/bin NORMAL
-/sbin NORMAL
-
diff --git a/tasks/rhel7stig/aide.yml b/tasks/rhel7stig/aide.yml
index 6afceca7..188eae4c 100644
--- a/tasks/rhel7stig/aide.yml
+++ b/tasks/rhel7stig/aide.yml
@@ -31,6 +31,37 @@
     - aide
     - RHEL-07-020130
 
+# NOTE(mhayden): CentOS/RHEL already provide a very strict AIDE configuration
+# that meets the requirements of V-72069 and V-72071. That config
+# is borrowed for Ubuntu 16.04 here.
+- name: Configure AIDE to verify additional properties
+  blockinfile:
+    dest: "{{ aide_conf }}"
+    insertbefore: EOF
+    marker: "# {mark} MANAGED BY OPENSTACK-ANSIBLE-SECURITY"
+    block: |
+      # Rules borrowed from CentOS/RHEL AIDE configuration
+      # (SELinux was removed for Ubuntu compatibility.)
+      FIPSR = p+i+n+u+g+s+m+c+acl+xattrs+sha256
+      NORMAL = FIPSR+sha512
+
+      # The following two lines apply the NORMAL rule (above this line) to the
+      # /bin and /sbin directories to meet the requirements of two STIG controls:
+      #
+      # RHEL-07-021600 - Verify ACLs
+      # RHEL-07-021610 - Verify extended attributes
+      #
+      /bin NORMAL
+      /sbin NORMAL
+  when:
+    - ansible_os_family | lower == 'ubuntu'
+  tags:
+    - low
+    - aide
+    - RHEL-07-021600
+    - RHEL-07-021610
+    - RHEL-07-021620
+
 - name: Check to see if AIDE database is already in place
   stat:
     path: "{{ aide_database_file }}"
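Review bot: The `when` guard on the relocated task, `- ansible_os_family | lower == 'ubuntu'`, looks like it can never match: on Ubuntu hosts Ansible's `ansible_os_family` fact reports `Debian` (the distribution name lives in `ansible_distribution`), so unless this role overrides that fact the task is silently skipped and the /bin and /sbin NORMAL rules are never written on the very platform the comment says they are for. Consider `- ansible_os_family | lower == 'debian'` or `- ansible_distribution | lower == 'ubuntu'`; the condition was carried over verbatim from the removed copy of the task in the second hunk, so this is pre-existing rather than introduced here, but the move is a good moment to fix it. Separately, the new header comment now cites `V-72069 and V-72071` while the embedded block and the `tags` list still use the RHEL-07-021600/RHEL-07-021610 rule IDs; pairing the two forms in the comment, e.g. `# that meets the requirements of V-72069 and V-72071 (RHEL-07-021600/RHEL-07-021610). That config`, keeps the note, the rules and the tags in step for anyone auditing coverage.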
@@ -82,21 +113,3 @@
     - medium
     - aide
     - RHEL-07-020140
-
-# NOTE(mhayden): CentOS/RHEL already provide a very strict AIDE configuration
-# that meets the requirements of RHEL-07-021600 and RHEL-07-021610. That config
-# is borrowed for Ubuntu 16.04 here.
-- name: Configure AIDE to verify additional properties
-  blockinfile:
-    dest: "{{ aide_conf }}"
-    insertbefore: EOF
-    marker: "# {mark} MANAGED BY OPENSTACK-ANSIBLE-SECURITY"
-    block: "{{ lookup('file', 'aide_extra.conf') }}"
-  when:
-    - ansible_os_family | lower == 'ubuntu'
-  tags:
-    - low
-    - aide
-    - RHEL-07-021600
-    - RHEL-07-021610
-    - RHEL-07-021620