From 54f2b72cb6e011467321b64085e139922dac0bc1 Mon Sep 17 00:00:00 2001
From: Nimrod Kor
Date: Tue, 28 Apr 2020 14:12:04 +0300
Subject: [PATCH 1/2] Fix check12's grep to find users who really have password access
(cherry picked from commit 4006c581a06c449b66ede8892b9ae18c735ad34c)
---
 checks/check12 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/check12 b/checks/check12
index 800b64cefc7..e2f9c12a1c4 100644
--- a/checks/check12
+++ b/checks/check12
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check102="check12"
 check12(){
 # "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
 # List users with password enabled
- COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep true | awk '{ print $1 }')
+ COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep -F ' true' | awk '{ print $1 }')
 COMMAND12=$(
 for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
 cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$8 }' |grep "^$i " |grep false | awk '{ print $1 }'
From dbca70ef2e47ddfe0851756f83ee1883b75ed67b Mon Sep 17 00:00:00 2001
From: Nimrod Kor
Date: Tue, 28 Apr 2020 14:28:59 +0300
Subject: [PATCH 2/2] Add $ to end of regex
---
 checks/check12 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checks/check12 b/checks/check12
index e2f9c12a1c4..adccb3c12ba 100644
--- a/checks/check12
+++ b/checks/check12
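Review bot: The last context line of the first patch's hunk still filters with a bare `grep false`, which has the same substring problem this commit fixes for `grep true`: once `grep "^$i "` has selected the row, a user whose name contains `false` is reported as lacking MFA even when column 8 is `true`. `$i` is also interpolated into a regex, so a `.` in a user name matches any character and can select another user's row. An exact field comparison avoids both, for example `awk -F, -v u="$i" '$1 == u && $8 == "false" { print $1 }' "$TEMP_REPORT_FILE"`. The loop body and the rest of check12 continue outside the hunk.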
@@ -19,7 +19,7 @@ CHECK_ALTERNATE_check102="check12"
 check12(){
 # "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"
 # List users with password enabled
- COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep -F ' true' | awk '{ print $1 }')
+ COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED=$(cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$4 }' |grep -F ' true$' | awk '{ print $1 }')
 COMMAND12=$(
 for i in $COMMAND12_LIST_USERS_WITH_PASSWORD_ENABLED; do
 cat $TEMP_REPORT_FILE|awk -F, '{ print $1,$8 }' |grep "^$i " |grep false | awk '{ print $1 }'
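Review bot: `grep -F ' true$'` in the added line can no longer match a report row, because `-F` makes the pattern a fixed string and the `$` is then a literal dollar sign rather than an end-of-line anchor. The user list comes back empty, the loop below has nothing to iterate over, and the check would presumably report that every console user has MFA, which is a silent false negative for this control. Drop `-F` so the anchor works, `grep ' true$'`, or compare the field directly with `awk -F, '$4 == "true" { print $1 }' "$TEMP_REPORT_FILE"`. The result handling of check12 is outside the hunk, so the pass/fail effect is inferred.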