Issue
The deployment script checks for system users and system groups to avoid conflicts or security issues. Due to the detection of non-system user ossec already present in the system, the installation stops with:
The error is "Non-system user ossec already exists"
This means that the ossec user, which is commonly used by the OSSEC HIDS and also required by imunify360-ossec, already exists as a non-system user in the system. This might happen if OSSEC was previously installed (possibly as part of another package like or compiled).
Environment
- Imunify360
- OSSEC
Solution
1. First, make sure to check existing user ID, installed ossec packages and service leftovers:
getent passwd ossec
getent passwd ossecr
getent passwd ossecm
yum list installed | grep ossec
systemctl -a | grep ossec
2. If so, analyze the impact of deleting the user or changing its settings as per:
ossece:x:972:968::/var/ossec:/sbin/nologin
3. There should be no userland process and no home dirs; settings can be copied if alter:
ps -u ossec
find / -user ossec 2>/dev/null
3.1. If found files belong to /var/ossec/etc/ this likely means it is Imunify360 OSSEC remnants, as compiled version will deploy to /etc/. Folder stat and yum history can clarify.
3.2. If deleting the ossec user can be considered safe, the below commands should resolve:
rm /etc/systemd/system/ossec.service
systemctl daemon-reload
userdel ossec
userdel ossecr
userdel ossecm
bash /root/i360deploy.sh(or change uid and gid in file if delete is not possible).
/etc/imunify360/
/etc/imunify360-webshield
/var/imunify360
/var/i360_pam_imunify
/var/lib/imunify360
/var/lib//imunify360-php-daemon
/var/log/imunify360
/var/ossec/ (or backup this folder to /var/remove-ossec)
after removing the OSSEC users, the folders and files everywhere. Try to install Imunify360 again.
Cause
The ossec package installation might have failed previously, for example, if there were system user IDs taken or other conflicts.
Useful links
- https://cloudlinux.zendesk.com/hc/en-us/articles/6611317168156--internal-ERROR-Invalid-user-ossec-or-group-ossec-given-
- https://cloudlinux.zendesk.com/hc/en-us/articles/4404414890514-OSSEC-and-SELinux-issues
Comments
0 comments
Article is closed for comments.