I found in my /etc/passwd file that there are three "extra" users that cannot log in but are listed:

ossec ossecm ossecr

What are these for? I know they are attached to the OSSEC HIDS software, but can anyone explain what these users are for? I think they might be the reason I keep getting checksum rule fires from OSSEC itself.
