[File Integrity Monitoring] Exclude files that regularly changes

[chemamartinez]

What does this PR do?

• Avoid monitoring by default /usr/share. It contains the folder where the elastic agent is installed, including the beat.db database which is updated every time a change in FIM happens, so it generates an infinite loop.

• Exclude by default files that are expected to be modified, in particular, .tmp, .log and .db files. FIM should be focused on monitoring files whose changes may represent a security issue, monitoring files that change regularly may imply a noise that makes this task more difficult.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-08-28T16:43:29.579+0000

• Duration: 14 min 47 sec

Test stats 🧪

Test	Results
Failed	0
Passed	6
Skipped	0
Total	6

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (0/0)	💚
Files	100.0% (0/0)	💚
Classes	100.0% (0/0)	💚
Methods	75.0% (3/4)	👍
Lines	100.0% (0/0)	💚
Conditionals	100.0% (0/0)	💚

[efd6]

It seems odd that the beats db is in /usr/share; ISTM that it should be in $XDG_STATE_HOME or similar.

[elasticmachine]

Package fim - 1.10.1 containing this change is available at https://epr.elastic.co/search?package=fim