diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_comented_value.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_comented_value.fail.sh
index c82af88678ad..3799821aee47 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_comented_value.fail.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_comented_value.fail.sh
@@ -2,7 +2,7 @@
 # packages = audit
 source common.sh
-sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+setup_auditctl_environment
 echo \
 "# -a always,exit -F path={{{ PATH }}} ${perm_x} -F auid>={{{ auid }}} -F auid!=unset -k test_key" \
diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_correct_value.pass.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_correct_value.pass.sh
index 91b4f6baa092..c3090b97161b 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_correct_value.pass.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_correct_value.pass.sh
@@ -2,7 +2,7 @@
 # packages = audit
 source common.sh
-sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+setup_auditctl_environment
 echo \
 "-a always,exit -F path={{{ PATH }}} ${perm_x} -F auid>={{{ auid }}} -F auid!=unset -k test_key" \
diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_auid.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_auid.fail.sh
index 9c70f6e63b1f..ad4e9c3fe850 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_auid.fail.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_auid.fail.sh
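Review bot: The bare call `setup_auditctl_environment` in this hunk is unchecked and undocumented, and the same applies to the matching hunks in auditctl_correct_value.pass.sh, auditctl_missing_auid.fail.sh and auditctl_missing_perm_x.fail.sh. The removed `sed` line showed that the scenario points `ExecStartPost` in auditd.service at /sbin/auditctl; the helper is defined outside this diff (presumably in auditd_utils.sh, which common.sh now sources), so that precondition is no longer visible in the scenario. If the helper is missing or fails, bash reports the error and carries on, and the rule is still appended to /etc/audit/audit.rules, so a `.fail.sh` scenario could report the expected result without the auditctl path ever being set up. I would add `# make auditd.service load rules with auditctl (helper from auditd_utils.sh)` above the call and write it as `setup_auditctl_environment || exit 1`, assuming the test harness reports a non-zero scenario exit as an error.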
@@ -2,6 +2,6 @@
 # packages = audit
 source common.sh
-sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+setup_auditctl_environment
 echo "-a always,exit -F path={{{ PATH }}} ${perm_x} -k test_key" >> /etc/audit/audit.rules
diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
index 3161710110b7..13500e573088 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
@@ -4,7 +4,7 @@
 source common.sh
-sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+setup_auditctl_environment
 echo "-a always,exit -F path={{{ PATH }}} -F auid>={{{ auid }}} -F auid!=unset -k test_key" \
 >> /etc/audit/audit.rules
diff --git a/shared/templates/audit_rules_privileged_commands/tests/common.sh b/shared/templates/audit_rules_privileged_commands/tests/common.sh
index 71b9f802a1d8..2bcb187f71b5 100644
--- a/shared/templates/audit_rules_privileged_commands/tests/common.sh
+++ b/shared/templates/audit_rules_privileged_commands/tests/common.sh
@@ -1,6 +1,9 @@
+. $SHARED/auditd_utils.sh
+
 {{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
 perm_x="-F perm=x"
 {{%- endif %}}
+
 rm -f /etc/audit/rules.d/*.rules
 truncate -s 0 /etc/audit/audit.rules
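Review bot: `. $SHARED/auditd_utils.sh` at the top of common.sh expands `$SHARED` unquoted and does not check that the file was actually sourced. If `SHARED` is unset or empty the path becomes `/auditd_utils.sh`, the source fails, and, with no `set -e` visible in this hunk, bash would go on to delete /etc/audit/rules.d/*.rules and truncate audit.rules while `setup_auditctl_environment` stays undefined for every scenario that calls it. Writing the line as `. "${SHARED:?}/auditd_utils.sh" || exit 1` makes a missing variable or file stop the scenario instead of letting it produce a misleading pass or fail. A one-line comment naming what auditd_utils.sh provides would also help, since that file is not part of this diff.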