Issue
The deployment script checks for system users and system groups to avoid conflicts or security issues. Because a non-system user ossec is already present in the system, the installation stops with the error "Non-system user ossec already exists".
This means that the ossec user, which is commonly used by the OSSEC HIDS and also required by imunify360-ossec, already exists as a non-system user in the system. This might happen if OSSEC was previously installed (possibly as part of another package like or compiled).
Environment
- Imunify360
- OSSEC
Solution
1. First, check the existing user ID, installed ossec packages and service leftovers:
getent passwd ossec
yum list installed | grep ossec
systemctl -a | grep ossec
2. If the user exists, analyze the impact of deleting it or changing its settings, based on its passwd entry, for example:
ossec:x:972:968::/var/ossec:/sbin/nologin
3. There should be no userland processes and no home directories for the user; settings can be copied if they were altered:
ps -u ossec
find / -user ossec 2>/dev/null
3.1. If the files found belong to /var/ossec/etc/, this likely means they are Imunify360 OSSEC remnants, as the compiled version deploys to /etc/. Folder stat and yum history can clarify.
3.2. If deleting the ossec user can be considered safe, the commands below should resolve the issue:
rm /etc/systemd/system/ossec.service
systemctl daemon-reload
userdel ossec
bash /root/i360deploy.sh
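The checks from steps 1 and 3 can be collected in one read-only script to run before the removal in step 3.2. This is an added example, not part of i360deploy.sh or the original article; the function names and the sample paths are assumptions made for illustration.

```sh
#!/bin/sh
# Read-only pre-check for the ossec user; makes no changes to the system.
# Function names are illustrative (not part of i360deploy.sh).

# Extract one field (1=name 3=uid 4=gid 6=home 7=shell) from a passwd(5) line.
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# Summarise paths (one per line on stdin) by location, following step 3.1:
# /var/ossec/etc/ suggests Imunify360 OSSEC remnants, /etc/ a compiled install.
classify_paths() {
    awk '
        /^\/var\/ossec\/etc\// { imunify++; next }
        /^\/etc\//             { compiled++; next }
        NF                     { other++ }
        END { printf "imunify360=%d compiled=%d other=%d\n", imunify, compiled, other }
    '
}

# Gather the facts from steps 1 and 3 for a user (default: ossec).
precheck() {
    user=${1:-ossec}
    entry=$(getent passwd "$user") || { echo "user $user not present"; return 0; }
    echo "uid=$(passwd_field "$entry" 3) home=$(passwd_field "$entry" 6) shell=$(passwd_field "$entry" 7)"
    echo "processes=$(ps -o pid= -u "$user" 2>/dev/null | wc -l)"
    echo "files: $(find / -user "$user" 2>/dev/null | classify_paths)"
}

# Sample data: passwd line adapted from the article, paths constructed,
# so the helpers can be tried on a host without an ossec user.
SAMPLE_ENTRY='ossec:x:972:968::/var/ossec:/sbin/nologin'
SAMPLE_PATHS='/var/ossec/etc/ossec.conf
/var/ossec/etc/shared/agent.conf
/etc/ossec-init.conf'

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    precheck ossec
fi
```

Run it with `--live` as root; a non-zero process count or files counted as `other` are the cases to review before deleting the user.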
Cause
The ossec package installation might have failed previously, for example, if there were system user IDs taken or other conflicts.
Useful links
- https://cloudlinux.zendesk.com/hc/en-us/articles/6611317168156--internal-ERROR-Invalid-user-ossec-or-group-ossec-given-
- https://cloudlinux.zendesk.com/hc/en-us/articles/4404414890514-OSSEC-and-SELinux-issues