
Rule descriptions not up-to-date with the latest STIG #12088

Closed
0intro opened this issue Jun 24, 2024 · 1 comment · Fixed by #12373

0intro commented Jun 24, 2024

Description of problem:

The rule descriptions are not up-to-date with the latest STIG.

For example, after the update of the RHEL 9 STIG, the policy/stig/shared.yml description of the sysctl_kernel_yama_ptrace_scope rule was updated:

But the vuln_discussion section is duplicated. The first one is the previous one, and the new one appears at the end of the file.

vuldiscussion: |-
    Unrestricted usage of ptrace allows compromised binaries to run ptrace on another processes of the user. Like this, the attacker can steal
    sensitive information from the target processes (e.g. SSH sessions, web browser, etc) without any additional assistance from the user (i.e. without resorting to phishing).

[...]

vuln_discussion: |-
    Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. Like this, the attacker can steal sensitive information from the target processes (e.g., SSH sessions, web browser, etc.) without any additional assistance from the user (i.e., without resorting to phishing).

And the rule.yml description was not updated:

rationale: |
    Unrestricted usage of ptrace allows compromised binaries to run ptrace
    on another processes of the user. Like this, the attacker can steal
    sensitive information from the target processes (e.g. SSH sessions, web browser, ...)
    without any additional assistance from the user (i.e. without resorting to phishing).

SCAP Security Guide Version:

master branch as of 2024-06-24 (644de12).
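A drift checker for the situation described in the report, added here as an example and not code from the issue or from the SCAP Security Guide repository. It runs on constructed shared.yml and rule.yml excerpts that mirror the ones quoted above, flags keys that look like misspelled or repeated copies of vuln_discussion, and lists the wording differences between the current vuln_discussion text and the rule's rationale. The names parse_block_scalars, canonical, word_changes and check_rule are hypothetical, and the 4-space literal-block layout is assumed from the excerpts.

```python
import re
from difflib import SequenceMatcher, get_close_matches

# Constructed excerpts mirroring the issue: shared.yml keeps the old block under a
# misspelled key and appends the new text; the rule.yml rationale was never refreshed.
SHARED_YML = """\
vuldiscussion: |-
    Unrestricted usage of ptrace allows compromised binaries to run ptrace on another processes of the user. Like this, the attacker can steal
    sensitive information from the target processes (e.g. SSH sessions, web browser, etc) without any additional assistance from the user (i.e. without resorting to phishing).
vuln_discussion: |-
    Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. Like this, the attacker can steal sensitive information from the target processes (e.g., SSH sessions, web browser, etc.) without any additional assistance from the user (i.e., without resorting to phishing).
"""
RULE_YML = """\
rationale: |
    Unrestricted usage of ptrace allows compromised binaries to run ptrace
    on another processes of the user. Like this, the attacker can steal
    sensitive information from the target processes (e.g. SSH sessions, web browser, ...)
    without any additional assistance from the user (i.e. without resorting to phishing).
"""
BLOCK_KEY = re.compile(r"^([A-Za-z_][\w-]*):\s*\|-?\s*$")  # 'key: |' or 'key: |-'
def parse_block_scalars(text):
    """Map each top-level literal block key to a list of its texts (repeats stay visible)."""
    blocks, key = {}, None
    for line in text.splitlines():
        m = BLOCK_KEY.match(line)
        if m:
            key = m.group(1)
            blocks.setdefault(key, []).append([])
        elif key and line.startswith("    "):  # 4-space indented continuation line (assumed layout)
            blocks[key][-1].append(line.strip())
        else:
            key = None
    return {k: [" ".join(v) for v in vs] for k, vs in blocks.items()}
def canonical(s):  # lower-case, punctuation-free, single-spaced: only wording differences remain
    return " ".join(re.sub(r"[^a-z0-9\s]", " ", s.lower()).split())
def word_changes(old, new):  # (old words, new words) for every region where the texts differ
    a, b = old.split(), new.split()
    return [(" ".join(a[i1:i2]), " ".join(b[j1:j2]))
            for tag, i1, i2, j1, j2 in SequenceMatcher(None, a, b).get_opcodes() if tag != "equal"]

def check_rule(shared_text, rule_text):
    """Report stray or repeated vuln_discussion keys in shared.yml and rationale drift in rule.yml."""
    shared, rule = parse_block_scalars(shared_text), parse_block_scalars(rule_text)
    current = shared.get("vuln_discussion", [""])[-1]  # last block wins, as a YAML loader would do
    return {
        "stray_keys": [k for k in get_close_matches("vuln_discussion", list(shared), cutoff=0.8)
                       if k != "vuln_discussion"],
        "repeated_keys": [k for k, v in shared.items() if len(v) > 1],
        "changes": word_changes(canonical(rule.get("rationale", [""])[-1]), canonical(current)),
    }
```

Note that a real YAML loader would silently keep only the last of two identical keys, which is why the checker keeps every block per key instead of loading the file with a YAML library.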


Mab879 commented Jun 26, 2024

Thanks for opening this issue.

We have a script to update the policy files, ./utils/import_disa_stig.py.

It's basic and requires manual review, but it helps a lot.

We usually don't update the description or rationale due to DISA's changes.

I will make a note to update these files once DISA releases a new version, which should be in late July.
