
Fix hotfixes syscollector AS messages #5379

Merged
merged 2 commits into from
May 17, 2024

Conversation

@Rebits Rebits commented May 14, 2024

Description

This PR fixes the agent simulator syscollector hotfix messages.

Testing performed

Warning

Hotfix messages are specifically designed for the Windows agent. However, since the agent simulator does not support Windows as an operating system, the default OS, Debian, has been used for the hotfix emulation testing.

No CI process includes syscollector hotfix messages, so this was tested locally.

  • After the changes we can see in the syscollector debug messages that the correct payload is used
Syscollector Debug Messages
python3 simulate_agents.py  -a 192.168.56.9 -n 1  -m syscollector -s 10 -t 40
DEBUG:root:Registration - 1-xSCGRlmLEB8ocKAd-debian8(032) in 192.168.56.9
DEBUG:root:Keep alive message = #!-Linux |agent-debian8 |3.16.0-9-amd64 |#1 SMP Debian 3.16.68-1 (2019-05-22) |x86_64 [Debian GNU/Linux|debian: 8 (jessie)] - Wazuh v4.2.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":10.0.2.15

INFO:P27013:{'keepalive': {'status': 'enabled', 'frequency': 10.0}, 'fim': {'status': 'disabled', 'eps': 0}, 'fim_integrity': {'status': 'disabled', 'eps': 0}, 'syscollector': {'status': 'enabled', 'frequency': 60, 'eps': 10}, 'vulnerability': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'rootcheck': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'sca': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'hostinfo': {'status': 'disabled', 'eps': 0}, 'winevt': {'status': 'disabled', 'eps': 0}, 'logcollector': {'status': 'disabled', 'eps': 0}, 'receive_messages': {'status': 'enabled'}}
INFO:P27013:Waiting 0 seconds before sending EPS and keep-alive events
INFO:P27013:Starting 1 agents.
DEBUG:root:Starting - 1-xSCGRlmLEB8ocKAd-debian8(032)(debian8) - keepalive
DEBUG:root:Starting - 1-xSCGRlmLEB8ocKAd-debian8(032)(debian8) - syscollector
DEBUG:root:Starting - 1-xSCGRlmLEB8ocKAd-debian8(032)(debian8) - receive_messages
DEBUG:root:Startup - 1-xSCGRlmLEB8ocKAd-debian8(032)
DEBUG:root:KeepAlive - 1-xSCGRlmLEB8ocKAd-debian8(032)
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"WXF6OVV1YX","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"VCHBNN07RK","location":"","multiarch":"null","name":"pLhWnunRkM","priority":"optional","scan_time":"2023/12/1915:32:25","size":"1","source":"","vendor":"pLhWnunRkM","version":"4"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"G2LKZRTTD3","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"YMQCVLU42C","location":"","multiarch":"null","name":"acKvTUtxaP","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"acKvTUtxaP","version":"5"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"C6KQAFOX32","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"JIMOEF0FKW","location":"","multiarch":"null","name":"vVCSeRvsbe","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"vVCSeRvsbe","version":"7"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"M9X5MVWEUW","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"GIWQKZT4TG","location":"","multiarch":"null","name":"NxYZcMXRHW","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"NxYZcMXRHW","version":"3"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"BPLDYIV0P5","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"KS3RQAX84I","location":"","multiarch":"null","name":"XclxOrjfcE","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"XclxOrjfcE","version":"5"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"54TCWFX55C","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"63AU2PLHB3","location":"","multiarch":"null","name":"gbvpPubKon","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"gbvpPubKon","version":"7"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"BOEA44B1C8","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"VC6OB4K3GY","location":"","multiarch":"null","name":"pQonTrfrmL","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"pQonTrfrmL","version":"3"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZZCCANH4LW","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"3T99MC3WRV","location":"","multiarch":"null","name":"tsmVGKDdXq","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"tsmVGKDdXq","version":"8"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"92I6G1D2HD","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"TZWUM2BL54","location":"","multiarch":"null","name":"dqIxxptDcs","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"dqIxxptDcs","version":"6"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"819ZM6SD40","description":"","format":"","groups":"editors","install_time":"2024/05/14 00:00:00","item_id":"FMXVA8FL9G","location":"","multiarch":"null","name":"fKnADXxJjI","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"fKnADXxJjI","version":"6"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"7F4SMOWVMA","hotfix":"7F4SMOWVMA","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"H49EIGZNQ8","hotfix":"H49EIGZNQ8","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"SQSKE9T29I","hotfix":"SQSKE9T29I","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"TK2VNI2R9D","hotfix":"TK2VNI2R9D","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"M8BR1TLAS7","hotfix":"M8BR1TLAS7","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"488E91L6G2","hotfix":"488E91L6G2","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"ZYE9X5FL74","hotfix":"ZYE9X5FL74","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"BZDS8GU86H","hotfix":"BZDS8GU86H","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"17ZWTLV7YO","hotfix":"17ZWTLV7YO","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"7C6UXS9C48","hotfix":"7C6UXS9C48","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hwinfo", "data": {"scan_time":"2024/05/14 00:00:00","board_serial":"JZMXTTVQJ9","checksum":"JZMXTTVQJ9","cpu_mhz":"21","cpu_cores":"21","cpu_name":"JZMXTTVQJ9","ram_free":"21","ram_total":"21","ram_usage":"21"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hwinfo", "data": {"scan_time":"2024/05/14 00:00:00","board_serial":"Q219V8Z9YB","checksum":"Q219V8Z9YB","cpu_mhz":"22","cpu_cores":"22","cpu_name":"Q219V8Z9YB","ram_free":"22","ram_total":"22","ram_usage":"22"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hwinfo", "data": {"scan_time":"2024/05/14 00:00:00","board_serial":"YHW3UYUUZN","checksum":"YHW3UYUUZN","cpu_mhz":"23","cpu_cores":"23","cpu_name":"YHW3UYUUZN","ram_free":"23","ram_total":"23","ram_usage":"23"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hwinfo", "data": {"scan_time":"2024/0
  • No error appears in the manager
Ossec.log
2024/05/14 19:12:16 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/05/14 19:12:16 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/05/14 19:13:21 wazuh-authd: INFO: New connection from 192.168.56.1
2024/05/14 19:13:21 wazuh-authd: INFO: Received request for a new agent (1-xSCGRlmLEB8ocKAd-debian8) from: 192.168.56.1
2024/05/14 19:13:21 wazuh-authd: INFO: Agent key generated for '1-xSCGRlmLEB8ocKAd-debian8' (requested by any)
2024/05/14 19:13:26 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/05/14 19:13:26 wazuh-remoted: INFO: (1410): Reading authentication keys file.
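A check a reviewer could script instead of reading the debug output by eye, added here as an example and not part of this PR or of the wazuh-qa code base: parse the simulator's `Syscollector Event` lines and verify that every `dbsync_hotfixes` payload carries exactly the `checksum`, `hotfix` and `scan_time` fields the fixed output shows (the `dbsync_hwinfo` field set above is checked the same way), that the operation is one of the three dbsync operations, and that `scan_time` has the `YYYY/MM/DD HH:MM:SS` layout. The sample log lines and identifiers are constructed for this example, with two deliberate defects, so the reporting can be seen.

```python
import json
import re

# Constructed sample lines for this example (not the PR's own log). They follow the
# layout of the simulator's debug output: one JSON dbsync event per line after the
# "d:syscollector:" prefix. The second hotfix line deliberately lacks "checksum" and
# the hwinfo line deliberately has a malformed scan_time.
SAMPLE_LOG = """\
DEBUG:root:KeepAlive - 001-sample-debian8(001)
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"checksum":"SAMPLE0001","hotfix":"SAMPLE0001","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hotfixes", "data": {"hotfix":"SAMPLE0002","scan_time":"2024/05/14 00:00:00"}, "operation": "MODIFIED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_hwinfo", "data": {"scan_time":"2024/05/1400:00:00","board_serial":"SAMPLE0003","checksum":"SAMPLE0003","cpu_mhz":"21","cpu_cores":"21","cpu_name":"SAMPLE0003","ram_free":"21","ram_total":"21","ram_usage":"21"}, "operation": "MODIFIED"}
"""

# The JSON document follows "d:syscollector:" and runs to the end of the line.
EVENT_RE = re.compile(r"Syscollector Event\s+-\s+d:syscollector:(\{.*\})\s*$")
SCAN_TIME_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}$")

# Expected "data" keys per dbsync table, taken from the payloads in the PR's debug output.
EXPECTED_FIELDS = {
    "dbsync_hotfixes": {"checksum", "hotfix", "scan_time"},
    "dbsync_hwinfo": {"scan_time", "board_serial", "checksum", "cpu_mhz", "cpu_cores",
                      "cpu_name", "ram_free", "ram_total", "ram_usage"},
}
VALID_OPERATIONS = {"INSERTED", "MODIFIED", "DELETED"}


def parse_syscollector_events(log_text):
    """Extract the JSON dbsync events from simulator debug output, in log order."""
    events = []
    for line in log_text.splitlines():
        match = EVENT_RE.search(line)
        if match:
            events.append(json.loads(match.group(1)))
    return events


def check_event(event):
    """Return the list of problems found in one dbsync event (empty list means OK)."""
    problems = []
    event_type = event.get("type")
    if event_type not in EXPECTED_FIELDS:
        return [f"unknown type: {event_type!r}"]
    if event.get("operation") not in VALID_OPERATIONS:
        problems.append(f"bad operation: {event.get('operation')!r}")
    data = event.get("data", {})
    missing = EXPECTED_FIELDS[event_type] - set(data)
    extra = set(data) - EXPECTED_FIELDS[event_type]
    if missing:
        problems.append(f"missing fields: {sorted(missing)}")
    if extra:
        problems.append(f"unexpected fields: {sorted(extra)}")
    scan_time = data.get("scan_time")
    if scan_time is not None and not SCAN_TIME_RE.match(scan_time):
        problems.append(f"scan_time {scan_time!r} is not 'YYYY/MM/DD HH:MM:SS'")
    return problems


def check_log(log_text):
    """Map the index of each failing event to its problems; clean events are omitted."""
    report = {}
    for index, event in enumerate(parse_syscollector_events(log_text)):
        problems = check_event(event)
        if problems:
            report[index] = problems
    return report


if __name__ == "__main__":
    for index, problems in check_log(SAMPLE_LOG).items():
        print(f"event {index}: " + "; ".join(problems))
```

Piping the simulator's stderr into `check_log` makes the "correct payload is used" assertion in the testing section a repeatable check rather than a visual one, and the same field table can be extended with the other dbsync types the simulator emits.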

@Rebits Rebits self-assigned this May 14, 2024
@Rebits Rebits marked this pull request as ready for review May 14, 2024 19:15
@Rebits Rebits linked an issue May 14, 2024 that may be closed by this pull request
2 tasks
@rafabailon rafabailon left a comment

LGTM

@juliamagan juliamagan merged commit 6768088 into 4.8.0 May 17, 2024
3 checks passed
@juliamagan juliamagan deleted the fix/5378-as-hotfix-messages branch May 17, 2024 14:45
Development

Successfully merging this pull request may close these issues.

Wrong payload syscollector for hotfixes in agent simulator
3 participants