wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Allow syscheck reports size for 2gb+ files #17415

Closed mjcr99 closed 1 week ago

mjcr99 commented 12 months ago
Related issue
https://github.com/wazuh/wazuh/issues/17184

Description

This PR solves a problem in syscheck that caused data corruption in the reported size for 2gb+ files. Due to data type conflicts, the data flow suffered truncations and non-desired modifications in the FIM size variable, resulting in corrupted alerts and incorrect file monitoring.

Configuration options

No special configuration is needed, but to see the change clearly, enabling realtime monitoring is useful.

Logs/Alerts example

Example alerts when creating, modifying and deleting a 5.8+ GB test file.

File creation

```
** Alert 1685988994.1033190: - ossec,syscheck,syscheck_entry_added,syscheck_file,pci_dss_11.5,gpg13_4.11,gdpr_II_5.1.f,hipaa_164.312.c.1,hipaa_164.312.c.2,nist_800_53_SI.7,tsc_PI1.4,tsc_PI1.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,
2023 Jun 05 18:16:34 (agent3-ubu22) any->syscheck
Rule: 554 (level 5) -> 'File added to the system.'
File '/home/vagrant/test/tt' added
Mode: realtime

Attributes:
 - Size: 6294967300
 - Permissions: rw-r--r--
 - Date: Tue Jun 6 10:01:35 2023
 - Inode: 1574467
 - User: root (0)
 - Group: root (0)
 - MD5: d41d8cd98f00b204e9800998ecf8427e
 - SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
 - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

File size modification

```
** Alert 1685989009.1033890: - ossec,syscheck,syscheck_entry_modified,syscheck_file,pci_dss_11.5,gpg13_4.11,gdpr_II_5.1.f,hipaa_164.312.c.1,hipaa_164.312.c.2,nist_800_53_SI.7,tsc_PI1.4,tsc_PI1.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,
2023 Jun 05 18:16:49 (agent3-ubu22) any->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
File '/home/vagrant/test/tt' modified
Mode: realtime
Changed attributes: size,mtime
Size changed from '6294967300' to '6294967400'
Old modification time was: '1686045695', now it is '1686045710'

Attributes:
 - Size: 6294967400
 - Permissions: rw-r--r--
 - Date: Tue Jun 6 10:01:50 2023
 - Inode: 1574467
 - User: root (0)
 - Group: root (0)
 - MD5: d41d8cd98f00b204e9800998ecf8427e
 - SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
 - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

File deletion

```
** Alert 1685989100.1034740: - ossec,syscheck,syscheck_entry_deleted,syscheck_file,pci_dss_11.5,gpg13_4.11,gdpr_II_5.1.f,hipaa_164.312.c.1,hipaa_164.312.c.2,nist_800_53_SI.7,tsc_PI1.4,tsc_PI1.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,
2023 Jun 05 18:18:20 (agent3-ubu22) any->syscheck
Rule: 553 (level 7) -> 'File deleted.'
File '/home/vagrant/test/tt' deleted
Mode: realtime

Attributes:
 - Size: 6294967400
 - Permissions: rw-r--r--
 - Date: Tue Jun 6 10:01:50 2023
 - Inode: 1574467
 - User: root (0)
 - Group: root (0)
 - MD5: d41d8cd98f00b204e9800998ecf8427e
 - SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
 - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
```

Tests
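
To illustrate the truncation the PR description refers to, here is an added example in C (not Wazuh code, and not from the PR): the hypothetical `report_size_narrow()` stores a parsed size in a 32-bit struct field, as the pre-fix data flow effectively did, while `report_size_wide()` carries it as `uint64_t`; the struct and function names are constructed, and only the 6294967300-byte size is taken from the alerts above.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical FIM entry records (constructed for this example, not Wazuh's). */
typedef struct { uint32_t size; } fim_entry_narrow;  /* 'before': 32-bit size field */
typedef struct { uint64_t size; } fim_entry_wide;    /* 'after':  64-bit size field */

/* Parse a decimal size string exactly; returns 0 on malformed input. */
static uint64_t parse_size(const char *s) {
    char *end = NULL;
    unsigned long long v = strtoull(s, &end, 10);
    return (end != NULL && *end == '\0') ? (uint64_t)v : 0;
}

/* 'Before': the 64-bit value is assigned to a 32-bit field and wraps modulo 2^32,
 * so 6294967300 (the 5.8 GB file in the PR) is reported as 2000000004. */
uint64_t report_size_narrow(const char *size_str) {
    fim_entry_narrow e;
    e.size = (uint32_t)parse_size(size_str);  /* the truncation happens here */
    return e.size;
}

/* 'After': the field is 64 bits wide end to end, so the value survives intact. */
uint64_t report_size_wide(const char *size_str) {
    fim_entry_wide e;
    e.size = parse_size(size_str);
    return e.size;
}

/* Consistency check: 1 if the reported size matches the original, 0 if corrupted. */
int size_is_consistent(const char *size_str, uint64_t reported) {
    return parse_size(size_str) == reported;
}

int main(void) {
    const char *big = "6294967300";  /* Size from the file-creation alert above */
    printf("narrow: %" PRIu64 " consistent=%d\n", report_size_narrow(big),
           size_is_consistent(big, report_size_narrow(big)));
    printf("wide:   %" PRIu64 " consistent=%d\n", report_size_wide(big),
           size_is_consistent(big, report_size_wide(big)));
    return 0;
}
```

The same check can be applied to any pipeline stage that hands a size between components: if the value read back differs from the value written, a narrower type sits somewhere in between.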

mjcr99 commented 1 week ago

Failing test analysis:

Additionally