The deployment script checks for system users and system groups to avoid conflicts or security issues. Due to the detection of non-system user
ossec already present in the system the installation stops with:
The error is "Non-system user ossec already exists"
This means that the
ossec user, which is commonly used by the OSSEC HIDS and also required by imunify360-ossec, already exists as a non-system user in the system. This might happen if OSSEC was previously installed (possibly as part of another package like or compiled).
1. First, make sure to check existing user ID, installed ossec packages and service leftovers:
getent passwd ossec
yum list installed | grep ossec
systemctl -a | grep ossec
2. If so analyze the impact of deleting the user or changing its settings as per:
3. There should be no userland process and no home dirs; settings can be copied if alter:
ps -u ossec
find / -user ossec 2>/dev/null
3.1. If found files belong to
/var/ossec/etc/ this likely means it is Imunify360 OSSEC remnants, as compiled version will deploy to
/etc/. Folder stat and yum history can clarify.
3.2. If deleting the ossec user can be considered safe, the below commands should resolve:
The ossec package installation might have failed previously, for example, if there were system user IDs taken or other conflicts.