Mystery User Ossec

This topic is closed.

    #16
    OK, I found where OSSEC is located. According to user manager the home is /var/lib/dome9/ossec.
    OSSEC is shown in user management with a UID of 1001.
    Deleting this user via user manager did not work. First it offered to delete the user, the home /var/lib/dome9/ossec and the mailbox /var/mail/ossec.

    However, the system could not delete the named directories/files because neither one of them exists. Huh? But the user is still shown on the login screen.

    The above directories do not exist as of Dolphin.

    I will have to see whether anything can be done through dome9.
    It is a firewall and intrusion detection system I wanted to use while transiting to SSL and a dedicated server. We have numerous external links popping up from Russian porn sites.



      #17
      Uninstalling dome9 (did you use the --purge option?) should have removed directories and config files (not in your account dir, though). Besides using "Users" in Settings you can use deluser (also called userdel) in a Konsole.
      sudo deluser OSSEC

      If you get an error, check with the man pages. I haven't used these terminal commands in years.

      EDIT: I looked up a web page: http://www.debianadmin.com/users-and....html#more-106
      Last edited by GreyGeek; Jan 13, 2015, 07:25 PM. Reason: Supply manpage url
      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
      – John F. Kennedy, February 26, 1962.



        #18
        GreyGeek,
        I used --purge. The files are gone. But the icon remains on the login screen.
        Used your delete suggestion.
        Result:

        sudo deluser OSSEC
        [sudo] password for pete:
        /usr/sbin/deluser: The user `OSSEC' does not exist.
        pete@pj:~$

        But the icon clutters my desktop.

        I thank you and all who gave me advice. Though OSSEC does not want to leave me to my fate, I consider the issue solved.



          #19
          Originally posted by PJJ:
          sudo deluser OSSEC
          [sudo] password for pete:
          /usr/sbin/deluser: The user `OSSEC' does not exist.

          Usernames are case sensitive, and considering the user's home directory was /var/lib/dome9/ossec, the actual username is probably ossec and not OSSEC (OSSEC can be the "full name" of the user in question and shown on the login screen).

          So I'd try "sudo deluser ossec" to try to remove the user.



            #20
            kubicle is right. I used "OSSEC" because in your first post you stated "I discovered a mystery user named OSSEC on the login screen. I did not create this user.", and assumed that the app used upper case in the name, as you listed it.


              #21
              That got rid of the icon:

              sudo deluser ossec
              [sudo] password for pete:
              Removing user `ossec' ...
              Warning: group `ossec' has no more members.
              Done.

              No more icon on login screen. Problem solved.
              Thank you all.



                #22
                Originally posted by PJJ:
                Warning: group `ossec' has no more members.

                If you also want to remove the leftover primary group for ossec (which is now empty), you can run "sudo delgroup ossec"



                  #23
                  I did not see the group 'ossec' at all.
                  Ran:

                  sudo delgroup ossec
                  [sudo] password for pete:
                  The group `ossec' does not exist.

                  That's it. No ossec/OSSEC or group ossec any longer.

                  I wanted to use 'ossec' for intrusion detection. But it interfered with other firewall(s) already in place. CloudFlare is one of them.

                  Thanks again for the valuable assistance.

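The two checks discussed in #19 and #22, as an added example that is not part of the original thread: resolve a name shown on the login screen to the real, case-sensitive login name, then test whether an empty group was left behind. The function names are hypothetical, and the sample passwd/group files are constructed (UID 1001 and the home directory come from the thread; the GID, full-name field and shell are assumed).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# find_login NAME [PASSWD_FILE]
# Print "login uid home" for every passwd entry whose login name or GECOS
# full name equals NAME, ignoring case.
find_login() {
    awk -F: -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            split($5, gecos, ",")   # full name is the first GECOS subfield
            if (tolower($1) == want || tolower(gecos[1]) == want)
                print $1, $3, $6
        }' "${2:-/etc/passwd}"
}

# empty_group GROUP [PASSWD_FILE] [GROUP_FILE]
# Succeed if GROUP exists, lists no members and is nobody's primary group.
empty_group() {
    _gid=$(awk -F: -v g="$1" '$1 == g && $4 == "" { print $3 }' "${3:-/etc/group}")
    [ -n "$_gid" ] || return 1
    ! awk -F: -v gid="$_gid" '$4 == gid { hit = 1 } END { exit !hit }' "${2:-/etc/passwd}"
}

# Constructed sample data modelled on the thread.
sample=$(mktemp -d)
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pete:x:1000:1000:Pete,,,:/home/pete:/bin/bash
ossec:x:1001:1001:OSSEC,,,:/var/lib/dome9/ossec:/bin/false
EOF
cat > "$sample/group" <<'EOF'
root:x:0:
pete:x:1000:
ossec:x:1001:
EOF

# The display name "OSSEC" resolves to the login name to pass to deluser.
find_login OSSEC "$sample/passwd"        # prints: ossec 1001 /var/lib/dome9/ossec

# Simulate the state after "deluser ossec" if the group had been kept.
grep -v '^ossec:' "$sample/passwd" > "$sample/passwd.after"
if empty_group ossec "$sample/passwd.after" "$sample/group"; then
    echo "group ossec is empty and unused: sudo delgroup ossec"
fi
```

Called without file arguments, both functions read /etc/passwd and /etc/group. When the group is already gone, as in #23, empty_group returns non-zero and nothing needs deleting.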