From 14de03e8bcb84cd6bc82c7dc92013324a3da4b26 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Tue, 14 Nov 2023 09:40:55 +0200
Subject: [PATCH 1/9] Define apparmor package platform

---
 shared/applicability/package.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/shared/applicability/package.yml b/shared/applicability/package.yml
index 4e799d20b8f..4bcb49f4dc2 100644
--- a/shared/applicability/package.yml
+++ b/shared/applicability/package.yml
@@ -6,6 +6,12 @@ template:
 args:
   aide:
     pkgname: aide
+  apparmor:
+    {{% if product in ["sle12", "sle15"] %}}
+      pkgname: apparmor-profiles
+    {{% else %}}
+      pkgname: apparmor
+    {{% endif %}}
   apport:
     pkgname: apport
   audit:

From ecf96e835d2ebf8746b36cbbf189a2ec1e997a44 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Tue, 14 Nov 2023 09:41:28 +0200
Subject: [PATCH 2/9] Enable apparmor package installed rule for SLE15

---
 .../guide/system/apparmor/package_apparmor_installed/rule.yml   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml b/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml
index a08bbb9a4e9..63f826742a6 100644
--- a/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml
+++ b/linux_os/guide/system/apparmor/package_apparmor_installed/rule.yml
@@ -1,6 +1,5 @@
 documentation_complete: true
 
-
 title: 'Ensure AppArmor is installed'
 
 description: |-
@@ -23,3 +22,4 @@ template:
     name: package_installed
     vars:
         pkgname: apparmor
+        pkgname@sle15: apparmor-profiles

From fdb6af1113271aa79920cabc4635b06abc9dd785 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Tue, 14 Nov 2023 09:42:11 +0200
Subject: [PATCH 3/9] Add platform dependency for the apparmor profiles rule

---
 .../system/apparmor/all_apparmor_profiles_enforced/rule.yml     | 2 ++
 .../all_apparmor_profiles_in_enforce_complain_mode/rule.yml     | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_enforced/rule.yml b/linux_os/guide/system/apparmor/all_apparmor_profiles_enforced/rule.yml
index ba5e71d237a..29306db5546 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_enforced/rule.yml
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_enforced/rule.yml
@@ -33,3 +33,5 @@ references:
     cis@sle15: 1.7.1.4
     cis@ubuntu2004: 1.7.1.4
     cis@ubuntu2204: 1.6.1.4
+
+platform: package[apparmor]
diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/rule.yml b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/rule.yml
index d044e07b815..f494f563543 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/rule.yml
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/rule.yml
@@ -36,3 +36,5 @@ references:
     cis@sle15: 1.7.1.3
     cis@ubuntu2004: 1.7.1.3
     cis@ubuntu2204: 1.6.1.3
+
+platform: package[apparmor]

From 38374c0e50c9f3b730ede69b3eb4540d3396fcd4 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Tue, 14 Nov 2023 09:43:37 +0200
Subject: [PATCH 4/9] Add OVAL check for apparmor profile rules

---
 .../oval/shared.xml                           | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
new file mode 100644
index 00000000000..f5db608032a
--- /dev/null
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
@@ -0,0 +1,31 @@
+<def-group>
+  <definition class="compliance" id="{{{ rule_id }}}" version="1">
+    {{{ oval_metadata("Ensure AppArmor profiles are in enforce complain mode") }}}
+    <criteria operator="AND">
+    </criteria>
+  </definition>
+  <ind:textfilecontent54_object id="obj_apparmor_profiles" version="1">
+    <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+    <ind:pattern operation="pattern match" datatype="string">^.*$</ind:pattern>
+    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+  </ind:textfilecontent54_object>
+  <ind:textfilecontent54_object id="obj_apparmor_enforced_profiles" version="1">
+    <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+    <ind:pattern operation="pattern match" datatype="string">^\(enforce\)*$</ind:pattern>
+    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+  </ind:textfilecontent54_object>
+  <ind:textfilecontent54_object id="obj_apparmor_complaining_profiles" version="1">
+    <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+    <ind:pattern operation="pattern match" datatype="string">^\(complain\)*$</ind:pattern>
+    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+  </ind:textfilecontent54_object>
+  <local_variable datatype="int" id="var_num_apparmor_profiles" version="1" comment="apparmor profiles">
+    <object_component item_field="subexpression" object_ref="obj_apparmor_profiles" />
+  </local_variable>
+  <local_variable datatype="int" id="var_num_apparmor_enforced_profiles" version="1" comment="enforce apparmor profiles">
+    <object_component item_field="subexpression" object_ref="obj_apparmor_enforced_profiles" />
+  </local_variable>
+  <local_variable datatype="int" id="var_num_apparmor_complaining_profiles" version="1" comment="enforce apparmor profiles">
+    <object_component item_field="subexpression" object_ref="obj_apparmor_complaining_profiles" />
+  </local_variable>
+</def-group>

From 9f3b7bc48aef3ed4540bf40c1d7d6503a34c1745 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Tue, 5 Dec 2023 10:16:58 +0200
Subject: [PATCH 5/9] Update oval rule with improved variable declarations and
 rule naming

---
 .../oval/shared.xml                           | 50 +++++++++++++++----
 1 file changed, 39 insertions(+), 11 deletions(-)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
index f5db608032a..b24622ae03f 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
@@ -2,30 +2,58 @@
   <definition class="compliance" id="{{{ rule_id }}}" version="1">
     {{{ oval_metadata("Ensure AppArmor profiles are in enforce complain mode") }}}
     <criteria operator="AND">
+      <criterion comment="Check sum of complaining and enforced profiles equals all profiles"
+        test_ref="test_sum_complain_n_enforced_equal_all" />
     </criteria>
   </definition>
-  <ind:textfilecontent54_object id="obj_apparmor_profiles" version="1">
+  <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
     <ind:pattern operation="pattern match" datatype="string">^.*$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
-  <ind:textfilecontent54_object id="obj_apparmor_enforced_profiles" version="1">
+  <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_enforced_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^\(enforce\)*$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^\(enforce\)$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
-  <ind:textfilecontent54_object id="obj_apparmor_complaining_profiles" version="1">
+  <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_complaining_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^\(complain\)*$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^\(complain\)$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
-  <local_variable datatype="int" id="var_num_apparmor_profiles" version="1" comment="apparmor profiles">
-    <object_component item_field="subexpression" object_ref="obj_apparmor_profiles" />
+  <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" version="1">
+    <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
+    <ind:pattern operation="pattern match"
+      datatype="string">^\.*processes are unconfined.*$</ind:pattern>
+    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
+  </ind:textfilecontent54_object>
+  <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_profiles" version="1"
+    comment="apparmor profiles">
+    <object_component item_field="subexpression"
+     object_ref="{{{ rule_id }}}_obj_apparmor_profiles" />
   </local_variable>
-  <local_variable datatype="int" id="var_num_apparmor_enforced_profiles" version="1" comment="enforce apparmor profiles">
-    <object_component item_field="subexpression" object_ref="obj_apparmor_enforced_profiles" />
+  <local_variable datatype="int" comment="enforced apparmor profiles"
+    id="{{{ rule_id }}}_var_num_apparmor_enforced_complaining_profiles" version="1" >
+    <arithmetic arithmetic_operation="add">
+      <object_component item_field="subexpression"
+        object_ref="{{{ rule_id }}}_obj_apparmor_enforced_profiles" />
+      <object_component item_field="subexpression"
+        object_ref="{{{ rule_id }}}_obj_apparmor_complaining_profiles" />
+    </arithmetic>
   </local_variable>
-  <local_variable datatype="int" id="var_num_apparmor_complaining_profiles" version="1" comment="enforce apparmor profiles">
-    <object_component item_field="subexpression" object_ref="obj_apparmor_complaining_profiles" />
+  <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_unconfined_profiles"
+    version="1" comment="apparmor profiles with unconfined processes">
+    <object_component item_field="subexpression"
+     object_ref="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" />
   </local_variable>
+
+  <ind:variable_object id="{{{ rule_id }}}_obj_all_apparmor_profiles" version="1">
+    <ind:var_ref>{{{ rule_id }}}_var_num_apparmor_profiles</ind:var_ref>
+  </ind:variable_object>
+
+  <ind:variable_object id="{{{ rule_id }}}_obj_num_apparmor_enforced_complaining_profiles"
+    version="1">
+    <ind:var_ref>{{{ rule_id }}}_var_num_apparmor_enforced_complaining_profiles</ind:var_ref>
+  </ind:variable_object>
+
 </def-group>

From 21f2fbdd2af60db895499bf007f3e977bbf7451d Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Sun, 4 Feb 2024 21:49:36 +0200
Subject: [PATCH 6/9] Make sure pattern matching includes subexpressions

Use oval count to get count of subexpression matches per type profile

Fix object and variable namings to include rule_id
---
 .../oval/shared.xml                           | 33 ++++++++++++-------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
index b24622ae03f..9347535cf47 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/oval/shared.xml
@@ -3,22 +3,22 @@
     {{{ oval_metadata("Ensure AppArmor profiles are in enforce complain mode") }}}
     <criteria operator="AND">
       <criterion comment="Check sum of complaining and enforced profiles equals all profiles"
-        test_ref="test_sum_complain_n_enforced_equal_all" />
+        test_ref="{{{ rule_id }}}_test_sum_complain_n_enforced_equal_all" />
     </criteria>
   </definition>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^.*$</ind:pattern>
+    <ind:pattern operation="pattern match">^.*$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_enforced_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^\(enforce\)$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^.*\(enforce\)$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_complaining_profiles" version="1">
     <ind:filepath datatype="string">/sys/kernel/security/apparmor/profiles</ind:filepath>
-    <ind:pattern operation="pattern match" datatype="string">^\(complain\)$</ind:pattern>
+    <ind:pattern operation="pattern match" datatype="string">^.*\(complain\)$</ind:pattern>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
   <ind:textfilecontent54_object id="{{{ rule_id }}}_obj_apparmor_unconfined_profiles" version="1">
@@ -29,16 +29,22 @@
   </ind:textfilecontent54_object>
   <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_profiles" version="1"
     comment="apparmor profiles">
-    <object_component item_field="subexpression"
-     object_ref="{{{ rule_id }}}_obj_apparmor_profiles" />
+    <count>
+      <object_component item_field="subexpression"
+                        object_ref="{{{ rule_id }}}_obj_apparmor_profiles" />
+    </count>
   </local_variable>
   <local_variable datatype="int" comment="enforced apparmor profiles"
     id="{{{ rule_id }}}_var_num_apparmor_enforced_complaining_profiles" version="1" >
     <arithmetic arithmetic_operation="add">
+      <count>
       <object_component item_field="subexpression"
         object_ref="{{{ rule_id }}}_obj_apparmor_enforced_profiles" />
+      </count>
+      <count>
       <object_component item_field="subexpression"
         object_ref="{{{ rule_id }}}_obj_apparmor_complaining_profiles" />
+      </count>
     </arithmetic>
   </local_variable>
   <local_variable datatype="int" id="{{{ rule_id }}}_var_num_apparmor_unconfined_profiles"
@@ -50,10 +56,13 @@
   <ind:variable_object id="{{{ rule_id }}}_obj_all_apparmor_profiles" version="1">
     <ind:var_ref>{{{ rule_id }}}_var_num_apparmor_profiles</ind:var_ref>
   </ind:variable_object>
-
-  <ind:variable_object id="{{{ rule_id }}}_obj_num_apparmor_enforced_complaining_profiles"
-    version="1">
-    <ind:var_ref>{{{ rule_id }}}_var_num_apparmor_enforced_complaining_profiles</ind:var_ref>
-  </ind:variable_object>
-
+  <ind:variable_state id="{{{ rule_id }}}_state_sum_complain_n_enforced" version="1">
+    <ind:value datatype="int" operation="equals" var_check="all"
+      var_ref="{{{ rule_id }}}_var_num_apparmor_enforced_complaining_profiles"/>
+  </ind:variable_state>
+  <ind:variable_test id="{{{ rule_id }}}_test_sum_complain_n_enforced_equal_all" check="all"
+    version="1" comment="Compare number of profiles with sum of complain and enforced">
+    <ind:object object_ref="{{{ rule_id }}}_obj_all_apparmor_profiles"/>
+    <ind:state state_ref="{{{ rule_id }}}_state_sum_complain_n_enforced"/>
+  </ind:variable_test>
 </def-group>

From de472850a40c74a087c3d781001fd91c0430669b Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Sun, 4 Feb 2024 21:16:28 +0100
Subject: [PATCH 7/9] Make tests apparmor platform dependent

---
 .../tests/correct_all_apparmor_profiles_in_complain.pass.sh      | 1 +
 .../tests/correct_all_apparmor_profiles_in_enforce.pass.sh       | 1 +
 .../tests/incorrect_all_apparmor_profiles.fail.sh                | 1 +
 3 files changed, 3 insertions(+)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
index 345881aa5d8..dd341bad17d 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# platform: package[apparmor]
 
 #Replace apparmor definitions
 apparmor_parser -q -r /etc/apparmor.d/
diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh
index e2651e31641..26c7afc4079 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# platform: package[apparmor]
 
 #Replace apparmor definitions
 apparmor_parser -q -r /etc/apparmor.d/
diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh
index 9f23139ed3b..8f19f9ccd94 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
+# platform: package[apparmor]
 
 #Configure the OS to unload all AppArmor profiles
 aa-teardown

From 6a1ee029c8551227644a2c843ca9dd59c94ab0d0 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Sun, 18 Feb 2024 14:25:51 +0200
Subject: [PATCH 8/9] Update
 linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Jan Černý <jcerny@redhat.com>
---
 .../tests/correct_all_apparmor_profiles_in_complain.pass.sh     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
index dd341bad17d..37770affadf 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_complain.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform: package[apparmor]
+# packages = apparmor
 
 #Replace apparmor definitions
 apparmor_parser -q -r /etc/apparmor.d/

From 31aadb64f113f3f6f561418060ea6cdff0c202d4 Mon Sep 17 00:00:00 2001
From: teacup-on-rockingchair
 <315160+teacup-on-rockingchair@users.noreply.github.com>
Date: Wed, 6 Mar 2024 05:29:27 +0200
Subject: [PATCH 9/9] Fix tests packages header

Correctly define the depending package to install in order to run all_apparmor_profiles_in_enforce_complain_mode tests
Thanks to @jan-cerny for pointing it out :bow:
---
 .../tests/correct_all_apparmor_profiles_in_enforce.pass.sh      | 2 +-
 .../tests/incorrect_all_apparmor_profiles.fail.sh               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh
index 26c7afc4079..9b64f995da9 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/correct_all_apparmor_profiles_in_enforce.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform: package[apparmor]
+# packages = apparmor
 
 #Replace apparmor definitions
 apparmor_parser -q -r /etc/apparmor.d/
diff --git a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh
index 8f19f9ccd94..c9c33527421 100644
--- a/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh
+++ b/linux_os/guide/system/apparmor/all_apparmor_profiles_in_enforce_complain_mode/tests/incorrect_all_apparmor_profiles.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform: package[apparmor]
+# packages = apparmor
 
 #Configure the OS to unload all AppArmor profiles
 aa-teardown