3 files changed, 13 insertions, 3 deletions

diff --git a/system/ossec-local/README b/system/ossec-local/README
index 955a80fcad..f973332031 100644
--- a/system/ossec-local/README
+++ b/system/ossec-local/README
@@ -1,3 +1,5 @@
 OSSEC is an Open Source Host-based Intrusion Detection System that performs log
 analysis, file integrity checking, policy monitoring, rootkit detection,
 real-time alerting and active response.
+
+See README.SLACKWARE for installation instructions.
diff --git a/system/ossec-local/README.SLACKWARE b/system/ossec-local/README.SLACKWARE
index e07808bfc6..14aba4be39 100644
--- a/system/ossec-local/README.SLACKWARE
+++ b/system/ossec-local/README.SLACKWARE
@@ -1,3 +1,11 @@
+These users and group need to be added:
+
+  groupadd -g 333 ossec
+  useradd  -u 333 -g 333 -d /var/ossec -s /bin/false ossec
+  useradd  -u 334 -g 333 -d /var/ossec -s /bin/false ossecm
+  useradd  -u 335 -g 333 -d /var/ossec -s /bin/false ossecr
+
+
 You may wish to add these lines to /etc/rc.d/rc.local to start the service:
 
 if [ -x /etc/rc.d/rc.ossec ]; then
diff --git a/system/ossec-local/ossec-local.SlackBuild b/system/ossec-local/ossec-local.SlackBuild
index b7047d6e92..f082ab96cd 100644
--- a/system/ossec-local/ossec-local.SlackBuild
+++ b/system/ossec-local/ossec-local.SlackBuild
@@ -62,7 +62,7 @@ USERID_REMOTE=${USERID_REMOTE:-335}
 GROUPID=${GROUPID:-333}
 
 if ! grep ^ossec: /etc/group 2>&1 > /dev/null \
-|| ! grep -E '^(ossec|ossecm|ossecr):' /etc/passwd 2>&1 > /dev/null; then
+     || ! grep -E '^(ossec|ossecm|ossecr):' /etc/passwd 2>&1 > /dev/null; then
   echo -e "\n  You must have ossec users and a group to run this script\n"
 fi
 
@@ -86,9 +86,9 @@ if ! grep ^ossecr: /etc/passwd 2>&1 > /dev/null; then
 fi
 
 if ! grep ^ossec: /etc/group 2>&1 > /dev/null \
-|| ! grep -E '^(ossec|ossecm|ossecr):' /etc/passwd 2>&1 > /dev/null; then
+     || ! grep -E '^(ossec|ossecm|ossecr):' /etc/passwd 2>&1 > /dev/null; then
   echo
-  exit
+  exit 1
 fi
 
 set -e