ansible-lockdown / RHEL7-CIS

Ansible role for Red Hat 7 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

6.2.1 does not handle an empty line in /etc/passwd using dict rhel7cis_passwd #302

Closed mballon closed 1 year ago

mballon commented 2 years ago

Describe the Issue

When looping over rhel7cis_passwd and a blank line is found, recommendation 6.2.1 reports back a bad attr.

Expected Behavior

The dict should not contain blank lines. The command: cat /etc/passwd from PRELIM should probably be a regex. I believe this to be the third issue I've seen with passwd fail due to lines that could not be clearly parsed.

Actual Behavior

TASK [6.2.1 | L1 | PATCH | Ensure accounts in /etc/passwd use shadow passwords] **
Friday 26 August 2022 09:37:09 -0400 (0:01:11.228) 0:01:13.166 *****
fatal: [somehost]: FAILED! => {"msg": "'None' has no attribute 'password'"}

Control(s) Affected

Recommendation 6.2.1 ends in fatal/error

Environment (please complete the following information):

Additional Notes Anything additional goes here

Possible Solution

Use a regex vice cat in tasks/parse_etc_password.yml

command: cat /etc/passwd

command: egrep -v '^(\s*#|\s+|$)' /etc/passwd
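The failure described in this issue can be reproduced and avoided outside Ansible. The following is an added example, not code from the RHEL7-CIS role: it filters a passwd-format file before applying the 6.2.1 password-field test. The function names and sample data are constructed for illustration, and the filter uses POSIX character classes rather than the `\s` form suggested above.

```shell
#!/bin/sh
# Added example: check the password field (CIS 6.2.1) while tolerating
# blank, whitespace-only and comment lines in a passwd-format file.

# Print only real records: drop empty/whitespace-only lines and '#' comments.
passwd_records() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Print the names of accounts whose password field is not "x".
# Lines without exactly 7 colon-separated fields are reported on stderr
# instead of being treated as accounts.
non_shadowed_accounts() {
    passwd_records "$1" | awk -F: '
        NF != 7   { print "malformed line skipped: " $0 > "/dev/stderr"; next }
        $2 != "x" { print $1 }
    '
}

# For contrast: the same field test on the unfiltered file also flags
# every blank and comment line, because their second field is empty.
unfiltered_flag_count() {
    awk -F: '$2 != "x"' "$1" | wc -l | tr -d ' '
}

# Constructed sample input (not from a real host).
make_sample() {
    sample=$(mktemp) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        '' \
        '# local service accounts' \
        '   ' \
        'legacy:$6$constructed$hash:1001:1001::/home/legacy:/bin/bash' \
        'svc:x:1002:1002::/home/svc:/sbin/nologin' > "$sample"
    echo "$sample"
}

f=$(make_sample)
echo "rows flagged without filtering: $(unfiltered_flag_count "$f")"
echo "accounts not using shadow passwords: $(non_shadowed_accounts "$f")"
rm -f "$f"
```
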

uk-bolly commented 1 year ago

Hi @mballon

Thank you for this feedback. Testing like this is something we don't always have a chance to account for, so feedback is always welcome. We have included your suggestion into the latest PR for devel.

Thanks

uk-bolly

uk-bolly commented 1 year ago

Hi @mballon

This issue has now been merged. Are you happy to close this?

Thanks

uk-bolly