SOLVED Exessive resources /usr/bin/python3 -c from pyovpn.cserv.wserv_entry

[jeffschips]

Hello - I'm trying to track down the source of this misery which seems related to an openvpn_as server and which reports at the same minute every hour. I do have that server but no cron at that minute. Anyone any suggestions on how to trouble-shoot? Only started yesterday. Thanks.

Time: Wed Jun 16 08:19:03 2021 -0400
Account: openvpn_as
Resource: Process Time
Exceeded: 27084 > 1800 (seconds)
Executable: /usr/bin/python3.6
Command Line: /usr/bin/python3 -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile /usr/local/openvpn_as/etc/tmp/wserv.pid -r epoll
PID: 2069 (Parent PID:909)
Killed: No

 

[jeffschips]

Also seeing the following in attempts to track down:

[root@xxxxx ~]# ps -e | grep $909
909 ? 00:00:19 python3
[root@xxxx ~]# ps -e | grep $2069
1069 ? 00:00:00 run-script
2069 ? 00:00:14 python3

 

[cPRex]

Hey hey! I don't think there's anything related to cPanel on this one. The notification is from CSF, and the process being mentioned isn't something that is part of the bundled cPanel tools. If the process is running fine and you're not seeing issues, it's just CSF being over-sensitive, and you can whitelist it:

Disable alert from CSF for Excessive resource usage?

hello please help anyone... im very new with cpanel i just received email alert like 10 emails per 10 second its huge emails, like 300 emails per hours or more and i want to know how to stop alert notification from root for Excessive resource usage: Virtual Memory in WHM where location to...

forums.cpanel.net

 

[jeffschips]

Hi @cPRex. Thanks. Yes, I agree this is not related specifically to Cpanel. I've reached out to openvpn AS group and will report back with findings. I know I can ignore it but don't know if that's a good thing given that I've been running this server for a while and this just started.,

 

[cPRex]

Definitely - any changes, even ones that seem to make things better, are worthy of investigation.

 

[jeffschips]

SOLVED: I received a message from the folks at openvpn Access Server who said these messages do not indicate a compromise with the server or openvpn AC and the excessive resources is due to the heavy workload of encryption and decryption of data and suggest to put the openvpnas on a separate server.

 

[cPRex]

Nice - I'm glad they were familiar with how that interacts with CSF.