check_cpanel_rpms - p0f Missing

izghitu

Well-Known Member
Aug 9, 2006
62
2
158
Hi,

I started getting lots of emails from the service manager that the p0f process is down.

I logged in to the server and when running /scripts/restartsrv_p0f I get:
Service Error
(XID xn5vu9) The system could not find the ?p0f? binary.

p0f has failed. Contact your system administrator if the service does not automagically recover.

If I run which p0f I get:
/sbin/p0f

[email protected] [~]# rpm -q p0f
p0f-3.09b-1.el7.x86_64

/script/upcp did not help.

How do I fix this?
Please help
 

ex300

Registered
Sep 16, 2016
1
1
3
Milan
cPanel Access Level
DataCenter Provider
Hi,
we had this problem too after cPanel upgrade.

Just do this command:

/usr/local/cpanel/scripts/check_cpanel_rpms --fix

It will fix RPMs problems, you should see and output like this:

Code:
[2016-09-16 09:11:26 +0200]   Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-16 09:11:26 +0200]   If you did not make these changes intentionally, you can correct them by running:
[2016-09-16 09:11:26 +0200]
[2016-09-16 09:11:26 +0200]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-16 09:11:26 +0200]   The following RPMs are missing from your system:
[2016-09-16 09:11:26 +0200]   p0f-3.09b-1.cp1150

[2016-09-16 09:12:53 +0200]   Removing 0 broken rpms:
[2016-09-16 09:12:55 +0200]   Downloading [URL]http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/rpm.sha512[/URL]
[2016-09-16 09:12:55 +0200]   Successfully verified signature for cpanel (key types: release).
[2016-09-16 09:12:55 +0200]   Downloading [URL]http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/p0f-3.09b-1.cp1150.x86_64.rpm[/URL]
[2016-09-16 09:12:56 +0200]   Disabling service monitoring.
[2016-09-16 09:12:56 +0200]   Hooks system enabled.
[2016-09-16 09:12:56 +0200]   Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
[2016-09-16 09:12:56 +0200]   All required 'pre' hooks have been run
[2016-09-16 09:13:01 +0200]   No RPMS need to be uninstalled
[2016-09-16 09:13:01 +0200]   Installing new rpms: p0f-3.09b-1.cp1150.x86_64.rpm
[2016-09-16 09:13:01 +0200]   p0f-3.09b-1.cp1150.x86_64
[2016-09-16 09:13:02 +0200]   p0f-3.09b-1.el7.x86_64
[2016-09-16 09:13:02 +0200]   Hooks system enabled.
[2016-09-16 09:13:02 +0200]   Checking for and running RPM::Versions 'post' hooks for any RPMs about to be installed
[2016-09-16 09:13:02 +0200]   All required 'post' hooks have been run
[2016-09-16 09:13:02 +0200]   Restoring service monitoring.
Don't worry, it might take a while.
 
Last edited by a moderator:
  • Like
Reactions: Alexandre de Moraes

orudge

Member
Oct 31, 2004
20
5
153
United Kingdom
I've experienced the same problem. You likely have EPEL enabled on your server. Running:

/usr/local/cpanel/scripts/check_cpanel_rpms --fix

should reinstall the cPanel version of p0f. If you were to then run "yum upgrade", you'd see something like the following:

Code:
[email protected] [~]# yum upgrade
Loaded plugins: fastestmirror, rhnplugin, tsflags, universal-hooks
This system is receiving updates from CLN.
Loading mirror speeds from cached hostfile
* EA4: 185.69.232.245
* cloudlinux-x86_64-server-7: de-proxy.cl-mirror.net
* epel: mirror.example.net
Resolving Dependencies
--> Running transaction check
---> Package p0f.x86_64 0:3.09b-1.cp1150 will be updated
---> Package p0f.x86_64 0:3.09b-1.el7 will be an update
--> Finished Dependency Resolution
Basically, the EPEL version of p0f is being installed on top of the cPanel version. To fix it, I disabled EPEL:

yum-config-manager --disable epel

However, as there are packages from EPEL that we use on the server, it would be good if cPanel could coexist with it. I don't know if it's possible to exclude particular packages (i.e., p0f) from particular yum repositories - that would perhaps be a better fix.
 
Last edited by a moderator:
  • Like
Reactions: fidividi

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Hi all,

this morning we came into email notifications stating the following:

The system detected problems with the following cPanel-provided files that the RPM controls:

p0f-3.08b-8.cp1150 - Missing

If you did not make these changes intentionally, execute the following command as the root user to correct them:

/usr/local/cpanel/scripts/check_cpanel_rpms --fix

Should we run this command? We are assuming that the server during its daily updates has done something to the cPanel RPM and this is why it is erroring?

Please could someone advise?
 

SysSachin

Well-Known Member
Aug 23, 2015
604
49
28
India
cPanel Access Level
Root Administrator
Twitter
Hi,
Yes, you can run the command on your server.
If any RPM missing then the script will install missing RPM
 

izghitu

Well-Known Member
Aug 9, 2006
62
2
158
Ok, regardless that the process is running I still get the alerts saying it is down. It happens even if I disable the monitor from the service manager for p0f:
The service “p0f” appears to be down.

And in processes I can see it running:
32012 6585 0.3 0.0 11188 4844 ? Ss 10:49 0:09 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0

Please help
 

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Thanks, I know I can run the file, but when upcp process next runs, surely this will update the package from EPEL again causing a repeat of this error message?

Should I add p0f* to the yum.conf exclude section and then re-run the /usr/local/cpanel/scripts/check_cpanel_rpms --fix script?

I would ideally like the EPEL repo and cPanel repos to work in unity so that errors like this don't keep re-occuring?
 

Satalink

Registered
Oct 7, 2015
3
1
3
Atlanta, GA
cPanel Access Level
Root Administrator
Hello,

i noticed WHM has new features and got upgraded, in Service status page in WHM i see p0f service has "Down" red icon.

Is this ok? What to do?

In Home »Service Configuration »Service Manager , this p0f service is ticked as Enabled..

Thank you

I started getting flooded with this notice this morning. I created a symbolic link between the old and the new and the service recovered fine. So there seems to be a hard coded path to the old in cpanel somewhere.

# cd /usr/local/cpanel/3rdparty/sbin
# ln -sn /usr/sbin/p0f p0f

In my case, .../3rdparty/sbin was empty, so I may go back and create a symbolic link for .../3rdparty/sbin to /usr/sbin . That way everything the system has in sbin will be available to cPanel's .../3rdparty/sbin path.

yeah, I went back and made that change.

# ps -ef | grep p0f
cpanelc+ 5810 1 0 08:39 ? 00:00:15 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
 
Last edited:
  • Like
Reactions: Andres Camacho

Travis

Active Member
Apr 24, 2002
31
3
383
cPanel Access Level
Root Administrator
Hello Satalink,

This issue seems to be caused when EPEL is installed on the server. The version of p0f in EPEL ends up replacing the cPanel supplied version of p0f. To fix this please run /scripts/check_cpanel_rpms --fix

This should stop the emails from coming in.
 
  • Like
Reactions: Solokron

Faizal Kh

Registered
Sep 17, 2016
3
0
1
India
cPanel Access Level
DataCenter Provider
Me too has the same issue. The p0f service has been down for the last 5-6hours. Reboot didn't fix it and running the scripts update just gives the same error

Code:
[[email protected] centos]# /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 05:19:43 +0000]
[2016-09-17 05:19:43 +0000]   Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-17 05:19:43 +0000]   If you did not make these changes intentionally, you can correct them by running:
[2016-09-17 05:19:43 +0000]
[2016-09-17 05:19:43 +0000]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 05:19:43 +0000]   The following RPMs are missing from your system:
[2016-09-17 05:19:43 +0000]   p0f-3.09b-1.cp1150
^C
[[email protected] centos]# /scripts/check_cpanel_rpms --fix
[2016-09-17 05:20:00 +0000]
[2016-09-17 05:20:00 +0000]   Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-17 05:20:00 +0000]   If you did not make these changes intentionally, you can correct them by running:
[2016-09-17 05:20:00 +0000]
[2016-09-17 05:20:00 +0000]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 05:20:00 +0000]   The following RPMs are missing from your system:
[2016-09-17 05:20:00 +0000]   p0f-3.09b-1.cp1150
^C

I also tried a yum update and there seems to be some error with the epel repo

Code:
# yum update
Loaded plugins: fastestmirror, tsflags, universal-hooks
EA4                                                                                                                                              | 2.9 kB  00:00:00
base                                                                                                                                             | 3.6 kB  00:00:00
epel/x86_64/metalink                                                                                                                             | 5.9 kB  00:00:00
epel                                                                                                                                             | 4.3 kB  00:00:00
extras                                                                                                                                           | 3.4 kB  00:00:00
s3tools                                                                                                                                          | 1.3 kB  00:00:00
updates                                                                                                                                          | 3.4 kB  00:00:00
epel/x86_64/primary_db         FAILED                                                                                                 ]  0.0 B/s |    0 B  --:--:-- ETA
http://ftp.riken.jp/Linux/fedora/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article

https://access.redhat.com/articles/1320623

If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/

epel/x86_64/primary_db         FAILED                                                                                                 ]  0.0 B/s |  44 kB  --:--:-- ETA
https://epel.mirror.angkasa.id/pub/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
epel/x86_64/primary_db         FAILED                                                                                                 ] 172 kB/s | 167 kB  00:00:27 ETA
http://mirror.wanxp.id/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
(1/2): epel/x86_64/updateinfo                                                                                                                    | 627 kB  00:00:01
epel/x86_64/primary_db         FAILED
http://mirror01.idc.hinet.net/EPEL/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
(2/2): epel/x86_64/primary_db                                                                                                                    | 4.2 MB  00:00:00
Loading mirror speeds from cached hostfile
* EA4: 103.53.192.34
* base: centos.webwerks.com
* epel: epel.mirror.net.in
* extras: centos.webwerks.com
* updates: centos.webwerks.com
No packages marked for update

Please help. Doesn't this mean firewall is down? Without it, I cannot image the number of attacks that have taken place.
 

Dradden45

Active Member
Sep 7, 2012
37
2
8
cPanel Access Level
Root Administrator
I have the same issue. epel is installed.

/scripts/check_cpanel_rpms --fix

I ran yesterday and still have the same issue today (update generated same warning)
 

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Can cPanel advise on this issue then? As no one should have to keep running the --fix command every day??

I understand that we could just disable the EPEL repo, but we need it for other software on the server.

There must be something we can do surely?

Any cPanel/WHM folks able to help?
 

rpvw

Well-Known Member
Jul 18, 2013
1,100
472
113
UK
cPanel Access Level
Root Administrator
Have you tried adding to your /etc/yum.repos.d/epel.repo file
Code:
includepkgs=xyz 123 abc*
where xyz, 123 are the package names you want this repo to update, and abc* is all packages starting with abc (packages should be separated with a space)

This is a bit of a pain if you are using EPEL for a lot of packages, but if it is only a few, it is relatively easy

Please Note : This applies to yum for CentOS 6x - for version 7 you may have to do some research into whether the syntax has changed or not.
 
Last edited: