diff --git a/config/hooks/installed/encryption-setup.sh b/config/hooks/installed/encryption-setup.sh
index 9b0c2d6..0ebc00d 100755
--- a/config/hooks/installed/encryption-setup.sh
+++ b/config/hooks/installed/encryption-setup.sh
@@ -48,10 +48,7 @@ EOF
 
 # Add cryptsetup and dm-crypt to initramfs modules
 {
-    echo "dm_crypt"
-    echo "aes_xts"
-    echo "xts"
-    echo "sha512"
+  echo "dm_crypt"
 } >> /etc/initramfs-tools/modules
 
 # Configure kernel command line for encrypted root
@@ -62,6 +59,7 @@ if [ -f /etc/default/grub ]; then
         # This will be set by the installer, but we ensure proper format
         # Note: We use a placeholder UUID that will be updated by the installer
         # The actual UUID of the encrypted root will be determined at install time
+        # shellcheck disable=SC2016
         sed -i '/^GRUB_CMDLINE_LINUX_DEFAULT=/s/"$/ rd.luks.crypttab=1"/' /etc/default/grub || true
     fi
 fi
diff --git a/config/hooks/installed/encryption-validation.sh b/config/hooks/installed/encryption-validation.sh
index f62d4d9..2d4e7a4 100755
--- a/config/hooks/installed/encryption-validation.sh
+++ b/config/hooks/installed/encryption-validation.sh
@@ -209,8 +209,8 @@ echo "==========================================================================
 echo "  KNEL-Football Secure OS - First Boot"
 echo "================================================================================"
 echo ""
-echo "  ✓ Full disk encryption is active and verified"
-echo "  ✓ System security hardening complete"
+echo "  [PASS] Full disk encryption is active and verified"
+echo "  [PASS] System security hardening complete"
 echo ""
 echo "  IMPORTANT INFORMATION:"
 echo "  - Your encryption passphrase is required at every system boot"
diff --git a/src/build-iso.sh b/src/build-iso.sh
index 13cdf7d..17fc876 100755
--- a/src/build-iso.sh
+++ b/src/build-iso.sh
@@ -96,12 +96,12 @@ echo 'Starting ISO build (30-60 minutes)...'
 timeout $BUILD_TIMEOUT lb build
 
 if [ \$? -eq 0 ]; then
-    echo '✓ Build completed successfully!'
+    echo 'PASS: Build completed successfully!'
     
     # Find and process ISO
     ISO_FILE=\$(find . -name '*.iso' -type f | head -1)
     if [ -n \"\$ISO_FILE\" ]; then
-        echo \"✓ ISO created: \$ISO_FILE\"
+        echo \"PASS: ISO created: \$ISO_FILE\"
         
         # Generate checksums
         sha256sum \"\$ISO_FILE\" > \"\${ISO_FILE}.sha256\"
@@ -159,8 +159,8 @@ Contact: KNEL-Football IT Security Team
 Generated: \$(date)
 REPORT
         
-        echo '✓ Build report created'
-        echo '✓ All artifacts copied to /output/'
+        echo 'PASS: Build report created'
+        echo 'PASS: All artifacts copied to /output/'
         
         # Display ISO info
         if [ -f \"/output/\$FINAL_ISO\" ]; then
@@ -168,15 +168,15 @@ REPORT
             echo 'ISO Details:'
             echo \"File: \$FINAL_ISO\"
             echo \"Size: \$(du -h \"/output/\$FINAL_ISO\" | cut -f1)\"
-            echo \"SHA256: \$(cat \"/output/\${FINAL_ISO}.sha256\" | cut -d' ' -f1)\"
+            echo \"SHA256: \$(cut -d' ' -f1 < \"/output/\${FINAL_ISO}.sha256\")\"
         fi
         
     else
-        echo '✗ No ISO file found'
+        echo 'FAIL: No ISO file found'
         exit 1
     fi
 else
-    echo '✗ Build failed or timed out'
+    echo 'FAIL: Build failed or timed out'
     exit 1
 fi
 "
@@ -185,15 +185,15 @@ fi
   echo ""
   echo "=== BUILD COMPLETION CHECK ==="
 
-  if [ -f "output/$PROJECT_NAME.iso" ]; then
-    echo "[OK] BUILD SUCCESSFUL!"
-    echo "[OK] ISO created: $PROJECT_NAME.iso"
-    echo "[OK] Size: $(du -h "output/$PROJECT_NAME.iso" | cut -f1)"
-    echo "[OK] SHA256: $(cut -d' ' -f1 < "output/$PROJECT_NAME.iso.sha256")"
+  if [ -f "output/$PROJECT_NAME-v$VERSION.iso" ]; then
+    echo "PASS: BUILD SUCCESSFUL!"
+    echo "PASS: ISO created: $PROJECT_NAME-v$VERSION.iso"
+    echo "PASS: Size: $(du -h "output/$PROJECT_NAME-v$VERSION.iso" | cut -f1)"
+    echo "PASS: SHA256: $(cut -d' ' -f1 < "output/$PROJECT_NAME-v$VERSION.sha256")"
     echo "All operations performed in Docker container - NO host modifications"
     return 0
   else
-    echo "[FAIL] BUILD FAILED"
+    echo "FAIL: BUILD FAILED"
     echo "Check Docker container output for errors"
     return 1
   fi
@@ -214,4 +214,7 @@ main() {
   echo "All operations performed in Docker container - NO host system modifications"
 }
 
-main "$@"
+# Only execute main if script is run directly (not sourced)
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  main "$@"
+fi
diff --git a/src/firewall-setup.sh b/src/firewall-setup.sh
index 5f9b4a8..a7844be 100755
--- a/src/firewall-setup.sh
+++ b/src/firewall-setup.sh
@@ -71,7 +71,7 @@ apply_firewall() {
 # Main setup
 main() {
   echo "Setting up dynamic firewall..."
-  apply_firewall "${1:-}"
+  apply_firewall "$@"
   echo "Firewall setup completed."
 }
 
diff --git a/src/security-hardening.sh b/src/security-hardening.sh
index 57b3990..ce3b015 100755
--- a/src/security-hardening.sh
+++ b/src/security-hardening.sh
@@ -283,12 +283,11 @@ apply_security_hardening() {
   echo "Applying security hardening..."
 
   create_wifi_blacklist "${1:-}"
-  create_bluetooth_blacklist "${2:-}"
-  configure_ssh_client "${3:-}"
-  configure_password_policy "${4:-}"
-  configure_fim "${5:-}"
-  configure_system_limits "${6:-}"
-  configure_audit_rules "${7:-}"
+  create_bluetooth_blacklist "${1:-}"
+  configure_ssh "${1:-}"
+  configure_password_policy "${1:-}"
+  configure_system_limits "${1:-}"
+  configure_audit_rules "${1:-}"
 
   echo "Security hardening completed."
   echo "IMPORTANT: Run 'aideinit' to initialize file integrity database after installation"
@@ -297,7 +296,7 @@ apply_security_hardening() {
 # Main execution
 main() {
   echo "Starting KNEL-Football security hardening..."
-  apply_security_hardening
+  apply_security_hardening "$@"
   echo "Security hardening completed successfully!"
 }