zabbix-threat-control
Use system.sw.packages.get to eliminate the need to have scripts on agents
In a recent version of Zabbix, a feature was added to retrieve package information via Zabbix agent 2.
For example, on a dpkg system, the value from an item like this: system.sw.packages.get[^openssh-server$,dpkg]
returns this:
[{"name":"openssh-server","manager":"dpkg","version":"1:9.2p1-2+deb12u3","size":1972224,"arch":"amd64","buildtime":{"timestamp":0,"value":""},"installtime":{"timestamp":0,"value":""}}]
Since retrieving package version and name is now built directly into the Zabbix agents, I think it would be great to have your agent-side scripts and run system commands be optional.
I would love to see Zabbix Threat Control utilize this key via a template and make remediation (apt update and apt upgrade) optional.
Side note: for me personally, I use unattended-upgrades to ensure security issues get updated automatically, eliminating my personal need for Zabbix to go and upgrade the packages manually. But I still like the idea of Zabbix Threat Control, and for my personal use case, it is an excellent way to monitor the status of these unattended updates, ensuring that vulnerable packages are up-to-date.
This would allow faster and simpler deployments with less stuff to potentially break.
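An added example, not part of the original issue or the project's code: a server-side parser that turns the system.sw.packages.get item value shown above into a package inventory without running anything on the agent. The function names and the "name version arch" line format are assumptions about what a downstream vulnerability audit would consume.

```python
import json

# Item value copied from the issue text above.
SAMPLE_ITEM_VALUE = (
    '[{"name":"openssh-server","manager":"dpkg","version":"1:9.2p1-2+deb12u3",'
    '"size":1972224,"arch":"amd64","buildtime":{"timestamp":0,"value":""},'
    '"installtime":{"timestamp":0,"value":""}}]'
)

REQUIRED_FIELDS = ("name", "version", "arch")


def parse_sw_packages(item_value, manager=None):
    """Return sorted, de-duplicated (name, version, arch) tuples.

    Entries missing a required field are skipped, so an incomplete
    record is never audited as if it were a real installed version.
    """
    try:
        entries = json.loads(item_value)
    except (TypeError, ValueError) as exc:
        raise ValueError("item value is not valid JSON") from exc
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of package objects")

    packages = set()
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        if manager and entry.get("manager") != manager:
            continue  # keep only the requested package manager
        fields = tuple(entry.get(key) for key in REQUIRED_FIELDS)
        if all(isinstance(f, str) and f for f in fields):
            packages.add(fields)
    return sorted(packages)


def to_inventory_lines(packages):
    """Format tuples as 'name version arch' lines (assumed audit input format)."""
    return ["%s %s %s" % pkg for pkg in packages]


if __name__ == "__main__":
    for line in to_inventory_lines(parse_sw_packages(SAMPLE_ITEM_VALUE, "dpkg")):
        print(line)
```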