Fix regex for pam_wheel.so line with use_uid

The regex used in OVAL was not expecting additional options configured
on the same line and assumed the use_uid was the last option. This
commit makes the regex more flexible and robust.

linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/oval/shared.xml

@@ -1,19 +1,21 @@
 <def-group>
-  <definition class="compliance" id="use_pam_wheel_for_su" version="1">
+  <definition class="compliance" id="{{{ rule_id }}}" version="1">
     {{{ oval_metadata("Only members of the wheel group should be able to authenticate through the su command.") }}}
     <criteria operator="AND">
       <criterion test_ref="test_use_pam_wheel_for_su" />
     </criteria>
   </definition>
 
-  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="check /etc/pam.d/su for correct setting" id="test_use_pam_wheel_for_su" version="1">
+  <ind:textfilecontent54_test id="test_use_pam_wheel_for_su" version="1"
+    check="all" check_existence="at_least_one_exists"
+    comment="check existence of use_uid option for pam_wheel.so in /etc/pam.d/su">
     <ind:object object_ref="object_use_pam_wheel_for_su" />
   </ind:textfilecontent54_test>
 
-  <ind:textfilecontent54_object comment="check /etc/pam.d/su for correct setting" id="object_use_pam_wheel_for_su" version="1">
+  <ind:textfilecontent54_object id="object_use_pam_wheel_for_su" version="1"
+    comment="collect pam_wheel.so line in /etc/pam.d/su if use_uid option is present in the line">
     <ind:filepath>/etc/pam.d/su</ind:filepath>
-    <ind:pattern operation="pattern match">^[\s]*auth[\s]+required[\s]+pam_wheel\.so[\s]+use_uid$</ind:pattern>
+    <ind:pattern operation="pattern match">^[\s]*auth[\s]+required[\s]+pam_wheel\.so[\s]+\buse_uid\b</ind:pattern>
     <ind:instance datatype="int">1</ind:instance>
   </ind:textfilecontent54_object>
-
 </def-group>