Fix ubuntu remediation and add tests for no_empty_passwords

Original remediation removed the `nullok` keyword and everything after it.

Author: mpurg

linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh

@@ -12,8 +12,8 @@ for FILE in ${NULLOK_FILES}; do
 done
 {{% elif 'ubuntu' in product %}}
 COMMON_PASSWORD_PATH="/etc/pam.d/common-password"
-if grep -l "nullok.*" ${COMMON_PASSWORD_PATH}; then
-    sed -i 's/nullok.*//g' ${COMMON_PASSWORD_PATH}
+if grep -q "nullok" ${COMMON_PASSWORD_PATH}; then
+    sed -i 's/\s*nullok//g' ${COMMON_PASSWORD_PATH}
 fi
 {{% else %}}
 if [ -f /usr/bin/authselect ]; then

linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/no_nullok.pass.sh

@@ -1,5 +1,9 @@
 #!/bin/bash
-# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,Red Hat Virtualization 4,multi_platform_fedora
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ubuntu
 
+{{% if 'ubuntu' in product %}}
+sed -i --follow-symlinks '/nullok/d' /etc/pam.d/common-password
+{{% else %}}
 sed -i --follow-symlinks '/nullok/d' /etc/pam.d/system-auth
 sed -i --follow-symlinks '/nullok/d' /etc/pam.d/password-auth
+{{% endif %}}

linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_present_common_password.fail.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+# platform = multi_platform_ubuntu
+
+COMMON_PASSWORD_FILE="/etc/pam.d/common-password"
+
+if ! $(grep -q "^[^#].*pam_unix\.so.*nullok" $COMMON_PASSWORD_FILE); then
+    sed -i --follow-symlinks 's/\([\s].*pam_unix\.so.*\)\s\(sha512.*\)/\1nullok \2/' $COMMON_PASSWORD_FILE
+fi