Fix bug configuring empty blocks in FIM

[bah07]

Related issue:

• Bug in empty configuration of Syscheck #1896

When defining a second FIM configuration block, if it is empty, the module is disabled. If the agent in question had different configurations because it belonged to several groups, the last block would make the rest of the applied configurations unusable. This PR solve this behavior.

Tests

• In the ossec.conf, after the default configuration defines an empty Syscheck block.
• Define a block with a single directory and place an empty block above or below it.
• Apply these settings via remote configuration.

[vikman90]

Syscheck and Rootcheck now have different behaviors:

<rootcheck>
  <disabled>yes</disabled>
</rootcheck>

<rootcheck />

The second definition re-enables Rootcheck despite the first definition explicitly disables it.

<syscheck>
  <!--
  <disabled>no</disabled>
  -->
  <directories check_all="yes" realtime="yes">/root/test</directories>
</syscheck>

Syscheck is disabled because it was not explicitly enabled.

Change proposal

Both Syscheck and Rootcheck may have this behavior:

• If one <syscheck> or <rootcheck> tag is defined at less, they may be enabled.
• If no <syscheck> or <rootcheck> tag is defined, they may be disabled.
• If <disabled> is defined in any stanza —if there are multiple definitions—, they may follow that definition.