The Community Forums

Interact with an entire community of cPanel & WHM users!

check_cpanel_rpms - p0f Missing

Discussion in 'General Discussion' started by izghitu, Sep 16, 2016.

  1. izghitu

    izghitu Well-Known Member

    Joined:
    Aug 9, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I started getting lots of emails from the service manager that the p0f process is down.

    I logged in to the server and when running /scripts/restartsrv_p0f I get:
    Service Error
    (XID xn5vu9) The system could not find the “p0f” binary.

    p0f has failed. Contact your system administrator if the service does not automagically recover.

    If I run which p0f I get:
    /sbin/p0f

    root@server4 [~]# rpm -q p0f
    p0f-3.09b-1.el7.x86_64

    /script/upcp did not help.

    How do I fix this?
    Please help
     
  2. ex300

    ex300 Registered

    Joined:
    Sep 16, 2016
    Messages:
    1
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Milan
    cPanel Access Level:
    DataCenter Provider
    Hi,
    we had this problem too after cPanel upgrade.

    Just do this command:

    /usr/local/cpanel/scripts/check_cpanel_rpms --fix

    It will fix RPM problems; you should see an output like this:

    Code:
    [2016-09-16 09:11:26 +0200]   Problems were detected with cPanel-provided files which are RPM controlled.
    [2016-09-16 09:11:26 +0200]   If you did not make these changes intentionally, you can correct them by running:
    [2016-09-16 09:11:26 +0200]
    [2016-09-16 09:11:26 +0200]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    [2016-09-16 09:11:26 +0200]   The following RPMs are missing from your system:
    [2016-09-16 09:11:26 +0200]   p0f-3.09b-1.cp1150
    
    [2016-09-16 09:12:53 +0200]   Removing 0 broken rpms:
    [2016-09-16 09:12:55 +0200]   Downloading http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/rpm.sha512
    [2016-09-16 09:12:55 +0200]   Successfully verified signature for cpanel (key types: release).
    [2016-09-16 09:12:55 +0200]   Downloading http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/p0f-3.09b-1.cp1150.x86_64.rpm
    [2016-09-16 09:12:56 +0200]   Disabling service monitoring.
    [2016-09-16 09:12:56 +0200]   Hooks system enabled.
    [2016-09-16 09:12:56 +0200]   Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
    [2016-09-16 09:12:56 +0200]   All required 'pre' hooks have been run
    [2016-09-16 09:13:01 +0200]   No RPMS need to be uninstalled
    [2016-09-16 09:13:01 +0200]   Installing new rpms: p0f-3.09b-1.cp1150.x86_64.rpm
    [2016-09-16 09:13:01 +0200]   p0f-3.09b-1.cp1150.x86_64
    [2016-09-16 09:13:02 +0200]   p0f-3.09b-1.el7.x86_64
    [2016-09-16 09:13:02 +0200]   Hooks system enabled.
    [2016-09-16 09:13:02 +0200]   Checking for and running RPM::Versions 'post' hooks for any RPMs about to be installed
    [2016-09-16 09:13:02 +0200]   All required 'post' hooks have been run
    [2016-09-16 09:13:02 +0200]   Restoring service monitoring.
    Don't worry, it might take a while.
     
    #2 ex300, Sep 16, 2016
    Last edited by a moderator: Sep 16, 2016
    Alexandre de Moraes likes this.
  3. Xtranetsa

    Xtranetsa Registered

    Joined:
    Sep 7, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hi there - Did you manage to find a fix for this? I am having the same issue which started earlier today!
     
  4. orudge

    orudge Member

    Joined:
    Oct 31, 2004
    Messages:
    14
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    United Kingdom
    I've experienced the same problem. You likely have EPEL enabled on your server. Running:

    /usr/local/cpanel/scripts/check_cpanel_rpms --fix

    should reinstall the cPanel version of p0f. If you were to then run "yum upgrade", you'd see something like the following:

    Code:
    root@server [~]# yum upgrade
    Loaded plugins: fastestmirror, rhnplugin, tsflags, universal-hooks
    This system is receiving updates from CLN.
    Loading mirror speeds from cached hostfile
    * EA4: 185.69.232.245
    * cloudlinux-x86_64-server-7: de-proxy.cl-mirror.net
    * epel: mirror.example.net
    Resolving Dependencies
    --> Running transaction check
    ---> Package p0f.x86_64 0:3.09b-1.cp1150 will be updated
    ---> Package p0f.x86_64 0:3.09b-1.el7 will be an update
    --> Finished Dependency Resolution
    
    
    Basically, the EPEL version of p0f is being installed on top of the cPanel version. To fix it, I disabled EPEL:

    yum-config-manager --disable epel

    However, as there are packages from EPEL that we use on the server, it would be good if cPanel could coexist with it. I don't know if it's possible to exclude particular packages (i.e., p0f) from particular yum repositories - that would perhaps be a better fix.
     
    #4 orudge, Sep 16, 2016
    Last edited by a moderator: Sep 16, 2016
    fidividi likes this.
  5. Chris Rose

    Chris Rose Member

    Joined:
    Aug 4, 2015
    Messages:
    17
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    United kingdom
    cPanel Access Level:
    Root Administrator
    Hi all,

    this morning we came into email notifications stating the following:

    The system detected problems with the following cPanel-provided files that the RPM controls:

    p0f-3.08b-8.cp1150 - Missing

    If you did not make these changes intentionally, execute the following command as the root user to correct them:

    /usr/local/cpanel/scripts/check_cpanel_rpms --fix

    Should we run this command? We are assuming that the server during its daily updates has done something to the cPanel RPM and this is why it is erroring?

    Please could someone advise?
     
  6. izghitu

    izghitu Well-Known Member

    Joined:
    Aug 9, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    This helped, thanks for your help!
     
  7. SysSachin

    SysSachin Well-Known Member

    Joined:
    Aug 23, 2015
    Messages:
    335
    Likes Received:
    25
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,
    Yes, you can run the command on your server.
    If any RPM is missing, the script will install the missing RPM.
     
  8. izghitu

    izghitu Well-Known Member

    Joined:
    Aug 9, 2006
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Ok, regardless that the process is running I still get the alerts saying it is down. It happens even if I disable the monitor from the service manager for p0f:
    The service “p0f” appears to be down.

    And in processes I can see it running:
    32012 6585 0.3 0.0 11188 4844 ? Ss 10:49 0:09 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0

    Please help
     
  9. Chris Rose

    Chris Rose Member

    Joined:
    Aug 4, 2015
    Messages:
    17
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    United kingdom
    cPanel Access Level:
    Root Administrator
    Thanks, I know I can run the file, but when upcp process next runs, surely this will update the package from EPEL again causing a repeat of this error message?

    Should I add p0f* to the yum.conf exclude section and then re-run the /usr/local/cpanel/scripts/check_cpanel_rpms --fix script?

    I would ideally like the EPEL repo and cPanel repos to work in unity so that errors like this don't keep reoccurring?
     
  10. Satalink

    Satalink Registered

    Joined:
    Oct 7, 2015
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Atlanta, GA
    cPanel Access Level:
    Root Administrator

    I started getting flooded with this notice this morning. I created a symbolic link between the old and the new and the service recovered fine. So there seems to be a hard coded path to the old in cpanel somewhere.

    # cd /usr/local/cpanel/3rdparty/sbin
    # ln -sn /usr/sbin/p0f p0f

    In my case, .../3rdparty/sbin was empty, so I may go back and create a symbolic link for .../3rdparty/sbin to /usr/sbin . That way everything the system has in sbin will be available to cPanel's .../3rdparty/sbin path.

    Yeah, I went back and made that change.

    # ps -ef | grep p0f
    cpanelc+ 5810 1 0 08:39 ? 00:00:15 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
     
    #10 Satalink, Sep 16, 2016
    Last edited: Sep 16, 2016
    Andres Camacho likes this.
  11. Travis

    Travis Active Member
    Staff Member

    Joined:
    Apr 24, 2002
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    cPanel Main Office
    cPanel Access Level:
    Root Administrator
    Hello Satalink,

    This issue seems to be caused when EPEL is installed on the server. The version of p0f in EPEL ends up replacing the cPanel supplied version of p0f. To fix this please run /scripts/check_cpanel_rpms --fix

    This should stop the emails from coming in.
     
    Solokron likes this.
  12. Faizal Kh

    Faizal Kh Registered

    Joined:
    Sep 17, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    I have the same issue too. The p0f service has been down for the last 5-6 hours. Reboot didn't fix it and running the scripts update just gives the same error

    Code:
    [root@s71 centos]# /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    [2016-09-17 05:19:43 +0000]
    [2016-09-17 05:19:43 +0000]   Problems were detected with cPanel-provided files which are RPM controlled.
    [2016-09-17 05:19:43 +0000]   If you did not make these changes intentionally, you can correct them by running:
    [2016-09-17 05:19:43 +0000]
    [2016-09-17 05:19:43 +0000]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    [2016-09-17 05:19:43 +0000]   The following RPMs are missing from your system:
    [2016-09-17 05:19:43 +0000]   p0f-3.09b-1.cp1150
    ^C
    [root@s71 centos]# /scripts/check_cpanel_rpms --fix
    [2016-09-17 05:20:00 +0000]
    [2016-09-17 05:20:00 +0000]   Problems were detected with cPanel-provided files which are RPM controlled.
    [2016-09-17 05:20:00 +0000]   If you did not make these changes intentionally, you can correct them by running:
    [2016-09-17 05:20:00 +0000]
    [2016-09-17 05:20:00 +0000]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    [2016-09-17 05:20:00 +0000]   The following RPMs are missing from your system:
    [2016-09-17 05:20:00 +0000]   p0f-3.09b-1.cp1150
    ^C

    I also tried a yum update and there seems to be some error with the epel repo

    Code:
    # yum update
    Loaded plugins: fastestmirror, tsflags, universal-hooks
    EA4                                                                                                                                              | 2.9 kB  00:00:00
    base                                                                                                                                             | 3.6 kB  00:00:00
    epel/x86_64/metalink                                                                                                                             | 5.9 kB  00:00:00
    epel                                                                                                                                             | 4.3 kB  00:00:00
    extras                                                                                                                                           | 3.4 kB  00:00:00
    s3tools                                                                                                                                          | 1.3 kB  00:00:00
    updates                                                                                                                                          | 3.4 kB  00:00:00
    epel/x86_64/primary_db         FAILED                                                                                                 ]  0.0 B/s |    0 B  --:--:-- ETA
    http://ftp.riken.jp/Linux/fedora/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    To address this issue please refer to the below knowledge base article
    
    https://access.redhat.com/articles/1320623
    
    If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/
    
    epel/x86_64/primary_db         FAILED                                                                                                 ]  0.0 B/s |  44 kB  --:--:-- ETA
    https://epel.mirror.angkasa.id/pub/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
    Trying other mirror.
    epel/x86_64/primary_db         FAILED                                                                                                 ] 172 kB/s | 167 kB  00:00:27 ETA
    http://mirror.wanxp.id/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    (1/2): epel/x86_64/updateinfo                                                                                                                    | 627 kB  00:00:01
    epel/x86_64/primary_db         FAILED
    http://mirror01.idc.hinet.net/EPEL/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    (2/2): epel/x86_64/primary_db                                                                                                                    | 4.2 MB  00:00:00
    Loading mirror speeds from cached hostfile
    * EA4: 103.53.192.34
    * base: centos.webwerks.com
    * epel: epel.mirror.net.in
    * extras: centos.webwerks.com
    * updates: centos.webwerks.com
    No packages marked for update

    Please help. Doesn't this mean firewall is down? Without it, I cannot imagine the number of attacks that have taken place.
     
  13. BigIron

    BigIron Registered

    Joined:
    Sep 17, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    US
    cPanel Access Level:
    Root Administrator
    I'm having the same exact issue. Any idea what we need to do to fix it?
     
  14. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    This post should be helpful:
    p0f service shows "down" icon
     
  15. Dradden45

    Dradden45 Active Member

    Joined:
    Sep 7, 2012
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I have the same issue. epel is installed.

    /scripts/check_cpanel_rpms --fix

    I ran yesterday and still have the same issue today (update generated same warning)
     
  16. Chris Rose

    Chris Rose Member

    Joined:
    Aug 4, 2015
    Messages:
    17
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    United kingdom
    cPanel Access Level:
    Root Administrator
    I just ran the --fix command and it appeared to fix it.

    I'm waiting for the next scheduled 'upcp' to run tonight to see if it succeeds or if it removes the p0f rpm again..

    Fingers crossed!
     
  17. fidividi

    fidividi Active Member

    Joined:
    Feb 15, 2013
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    That did it, hope cPanel will fix this conflict between their package and EPEL soon.
     
  18. OgreMHDW

    OgreMHDW Member

    Joined:
    Feb 2, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Henderson, Nevada, United Stat
    cPanel Access Level:
    Root Administrator
    I am having the same issue. I was able to run the --fix command to fix it yesterday but today the system did the upgrade check and broke it again. Is there a way to prevent cPanel from trying to "upgrade" p0f?
     
  19. Chris Rose

    Chris Rose Member

    Joined:
    Aug 4, 2015
    Messages:
    17
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    United kingdom
    cPanel Access Level:
    Root Administrator
    Can cPanel advise on this issue then? As no one should have to keep running the --fix command every day??

    I understand that we could just disable the EPEL repo, but we need it for other software on the server.

    There must be something we can do surely?

    Any cPanel/WHM folks able to help?
     
  20. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    123
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Have you tried adding to your /etc/yum.repos.d/epel.repo file
    Code:
    includepkgs=xyz 123 abc*
    where xyz, 123 are the package names you want this repo to update, and abc* is all packages starting with abc (packages should be separated with a space)

    This is a bit of a pain if you are using EPEL for a lot of packages, but if it is only a few, it is relatively easy

    Please Note : This applies to yum for CentOS 6x - for version 7 you may have to do some research into whether the syntax has changed or not.
     
    #20 rpvw, Sep 17, 2016
    Last edited: Sep 17, 2016
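
Added example (not part of any post in this thread, and not cPanel's own tooling): a small audit for the per-repository exclusion asked about in posts #4 and #9, the inverse of the `includepkgs` approach in post #20. It relies on yum's per-repository `exclude=` option and on the release tags visible in the thread (`cp1150` for the cPanel build, `el7` for the EPEL build); the function names and the sample repo files are constructed for illustration, and a single-line `exclude=` value is assumed.

```bash
#!/bin/sh
# Audit whether EPEL is fenced off from replacing the cPanel-supplied p0f.
# Hypothetical helper names; sample .repo files below are constructed.

# Print the value of KEY inside [SECTION] of an INI-style .repo file.
repo_option() {  # usage: repo_option FILE SECTION KEY
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { in_sec = ($1 == sec); next }
    in_sec {
      line = $0
      sub(/^[ \t]*/, "", line)
      n = index(line, "=")
      if (n == 0) next
      k = substr(line, 1, n - 1); sub(/[ \t]*$/, "", k)
      if (k == key) { v = substr(line, n + 1); sub(/^[ \t]*/, "", v); print v }
    }' "$1"
}

# Return 0 if any space/comma-separated glob in the repo's exclude= matches PKG.
repo_excludes_pkg() {  # usage: repo_excludes_pkg FILE SECTION PKG
  globs=$(repo_option "$1" "$2" exclude | tr ',' ' ')
  set -f                       # keep globs literal while word-splitting
  for g in $globs; do
    case "$3" in $g) set +f; return 0 ;; esac
  done
  set +f
  return 1
}

# Classify a NAME-VERSION-RELEASE string by the release tags seen in the thread.
pkg_origin() {  # usage: pkg_origin NVR[.ARCH]
  case "$1" in
    *.cp[0-9]*) echo cpanel ;;
    *.el[0-9]*) echo distro-or-epel ;;
    *)          echo unknown ;;
  esac
}

# One-line verdict: which build is installed, and is p0f excluded from [epel]?
audit_p0f() {  # usage: audit_p0f INSTALLED_NVR EPEL_REPO_FILE
  origin=$(pkg_origin "$1")
  if repo_excludes_pkg "$2" epel p0f; then guard=excluded; else guard=not-excluded; fi
  echo "installed=$origin epel=$guard"
}

# Constructed sample input: an epel.repo without and with the exclusion.
demo_dir=$(mktemp -d)
printf '[epel]\nname=EPEL 7\nenabled=1\n' > "$demo_dir/before.repo"
printf '[epel]\nname=EPEL 7\nenabled=1\nexclude=p0f*\n' > "$demo_dir/after.repo"
audit_p0f p0f-3.09b-1.el7.x86_64 "$demo_dir/before.repo"
audit_p0f p0f-3.09b-1.cp1150 "$demo_dir/after.repo"
rm -rf "$demo_dir"
```

On a real server the first argument would come from `rpm -q p0f` and the second would be `/etc/yum.repos.d/epel.repo`.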