# OSSEC install error



## chavez243ca (Apr 9, 2013)

The ossec-hids-client port generates the following error:


```
===> Creating users and/or groups.
Using existing group `ossec'.
Using existing user `ossec'.
Creating user `ossecm' with uid `967'.
pw: group `966' does not exist
*** Error code 67
```

I have had this happen on more than one host during portupgrades. I also tried:


```
#make deinstall
#make clean
#make reinstall
```

and still got the same error.


----------



## SirDice (Apr 9, 2013)

What's the output of `grep ossec /etc/group`?


----------



## chavez243ca (Apr 9, 2013)

```
ossec:*:1112:
```

I did check that, but ossec 2.6 was running just fine. For some reason the upgrade to 2.7 starts complaining about uid 966, 967 - it could (should?) just create the required group, or use the existing one. Instead, it fails.


----------



## SirDice (Apr 9, 2013)

The port seems to assume the ossec group has GID 966. Changing the GID in /etc/group should work, or you can simply remove it. 

Keep your eye on any existing files though, you may need to chown(8)/chgrp(1) them.


----------



## chavez243ca (Apr 9, 2013)

I think changing the GID may have done the trick.


----------



## mecano (Sep 5, 2014)

Just for info, with last ports (2.8).
Installing security/ossec-hids-server then removing it with pkgng `pkg delete ossec-hids-server` results in 'users ghosting' preventing a then security/ossec-hids-client to run (install produces warning but doesn't fail).
`pw userdel` doesn't work to fix it, the workaround is to use `vipw`, remove the users, save, then reinstall.


----------

