diff --git a/pkg/prebuild/cfg/directories.go b/pkg/prebuild/cfg/directories.go index 497a67df..282aa1ad 100644 --- a/pkg/prebuild/cfg/directories.go +++ b/pkg/prebuild/cfg/directories.go @@ -33,6 +33,8 @@ var ( // counterpart Overwrite Overwriter = false + // DebianHide is the path to the debian/apparmor.d.hide file + DebianHide = DebianHider{path: DebianDir.Join("apparmor.d.hide")} Ignore = Ignorer{} Flags = Flagger{} diff --git a/pkg/prebuild/cfg/files.go b/pkg/prebuild/cfg/files.go index 7fb3a2fa..c716235c 100644 --- a/pkg/prebuild/cfg/files.go +++ b/pkg/prebuild/cfg/files.go @@ -5,11 +5,15 @@ package cfg import ( + "fmt" + "os" "strings" + "github.com/roddhjav/apparmor.d/pkg/paths" "github.com/roddhjav/apparmor.d/pkg/util" ) +// Default content of debian/apparmor.d.hide. Whonix has special addition. var Hide = `# This file is generated by "make", all edit will be lost. /etc/apparmor.d/usr.bin.firefox @@ -81,4 +85,16 @@ func (o Overwriter) Apply() error { return nil } +type DebianHider struct { + path *paths.Path +} + +// Initialize the file with content from Hide +func (d DebianHider) Init() error { + return d.path.WriteFile([]byte(Hide)) +} + +// Initialize the file with content from Hide +func (d DebianHider) Clean() error { + return d.path.WriteFile([]byte("# This file is generated by \"make\", all edit will be lost.\n")) } diff --git a/pkg/prebuild/prebuild.go b/pkg/prebuild/prebuild.go index fc327fff..30bf5c2e 100644 --- a/pkg/prebuild/prebuild.go +++ b/pkg/prebuild/prebuild.go 
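Review bot: The doc comment on `Clean` in pkg/prebuild/cfg/files.go is a copy of the one on `Init` and states the opposite of what the method does: `Clean` writes only the generated-file header, so the resulting hide list is empty. I would change it to `// Clean resets the file to its header only, leaving no profile path listed.` and start the `Init` comment with the method name, `// Init writes the content of Hide to the file.`. The exported type `DebianHider` has no doc comment; one line such as `// DebianHider writes the debian/apparmor.d.hide file.` would cover it. The header literal in `Clean` repeats the first line of `Hide`, so a shared constant would keep the two from drifting apart.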
@@ -45,14 +45,14 @@ func init() { case "whonix": cfg.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure /etc/apparmor.d/home.tor-browser.firefox -/etc/apparmor.d/tunables/home.d/anondist +/etc/apparmor.d/tunables/homsanitycheck +/etc/apparmor.d/usr.bin.url_e.d/anondist /etc/apparmor.d/tunables/home.d/live-mode /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist /etc/apparmor.d/usr.bin.hexchat /etc/apparmor.d/usr.bin.sdwdate /etc/apparmor.d/usr.bin.systemcheck -/etc/apparmor.d/usr.bin.timesanitycheck -/etc/apparmor.d/usr.bin.url_to_unixtime +/etc/apparmor.d/usr.bin.timeto_unixtime /etc/apparmor.d/whonix-firewall ` } diff --git a/pkg/prebuild/prepare/configure.go b/pkg/prebuild/prepare/configure.go index abca3d54..c7f9330a 100644 --- a/pkg/prebuild/prepare/configure.go +++ b/pkg/prebuild/prepare/configure.go @@ -35,6 +35,10 @@ func (p Configure) Apply() ([]string, error) { } case "ubuntu": + if err := cfg.DebianHide.Clean(); err != nil { + return res, err + } + if cfg.Overwrite { if err := cfg.Overwrite.Apply(); err != nil { return res, err @@ -46,7 +50,9 @@ func (p Configure) Apply() ([]string, error) { } case "debian", "whonix": - cfg.Overwrite.AptClean() + if err := cfg.DebianHide.Init(); err != nil { + return res, err + } // Copy Debian specific abstractions if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
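Review bot: Three of the added Whonix entries in pkg/prebuild/prebuild.go do not look like real profile paths: `/etc/apparmor.d/tunables/homsanitycheck`, `/etc/apparmor.d/usr.bin.url_e.d/anondist` and `/etc/apparmor.d/usr.bin.timeto_unixtime` read like pieces of the three removed lines spliced together. If so, `tunables/home.d/anondist`, `usr.bin.timesanitycheck` and `usr.bin.url_to_unixtime` drop out of the hide list, and those upstream files would presumably stay active alongside the ones this package ships. Please check each path against the Whonix packages and restore the original three lines if the change was not intended. The string literal and the enclosing `init()` start above the hunk, so the rest of the list is not visible here.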