[8.19](backport #45950) Fix file_integrity kprobe filters, use BTF values where possible

[mergify]

Proposed commit message

See #45897
This fixes a bug in recent kernels where a change to the fsnotify_data_type enum broke the kprobe filters, which were hard-coding the enum values. This changes the kprobe setup so we use the BTF values for the fsnotify_data_type enum where possible, and only fall back to hard-coding the data type values on older kernels.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

• closes File Integrity Module Breaking on kernels >=6.14 due to changes in in fsnotify_data_type #45897

---

This is an automatic backport of pull request #45950 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of 9773649 has failed:

On branch mergify/bp/8.19/pr-45950
Your branch is up to date with 'origin/8.19'.

You are currently cherry-picking commit 97736493a.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   auditbeat/module/file_integrity/kprobes/monitor_test.go
	modified:   auditbeat/module/file_integrity/kprobes/probes_fsnotify.go
	modified:   auditbeat/module/file_integrity/kprobes/probes_fsnotify_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   NOTICE.txt
	both modified:   go.mod
	both modified:   go.sum

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

[elasticmachine]

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[pierrehilbert]

@fearful-symmetry could you please resolve the conflicts?

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b mergify/bp/8.19/pr-45950 upstream/mergify/bp/8.19/pr-45950
git merge upstream/8.19
git push upstream mergify/bp/8.19/pr-45950

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[jlind23]

@nfritts @fearful-symmetry could you please make sure this is reviewed / fixed?

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[pierrehilbert]

@nfritts / @fearful-symmetry FF is tomorrow so if we want this in the next 8.19 release, we should take care of merging that one soon.

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏

[fearful-symmetry]

Sorry about that, looks like it got lost during the holidays

[mergify]

This pull request has not been merged yet. Could you please review and merge it @fearful-symmetry? 🙏