The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

p0f maxing out CPU core?

Discussion in 'General Discussion' started by brt, Aug 21, 2015.

  1. brt

    brt Well-Known Member

    Joined:
    Jul 9, 2015
    Messages:
    46
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    MN
    cPanel Access Level:
    Root Administrator
    I've noticed the p0f process maxing out a CPU core (99/100%) for a matter of hours -- often 5+ hours solid -- throughout the day. Is this doing anything productive, or likely a glitch?
     
  2. 24x7ss

    24x7ss Well-Known Member

    Joined:
    Sep 30, 2014
    Messages:
    271
    Likes Received:
    16
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Did you try to see what is running under that process ? do below and share the output:

    lsof -p pid
     
  3. per.hertz

    per.hertz Registered

    Joined:
    Oct 14, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    I have the same symptoms, i.e. p0f maxing out cpu - this is the result of a lsof -p [pid]:

    Code:
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    p0f 3740 cpanelconnecttrack cwd DIR 252,5 4096 4719863 /var/cpanel/userhomes/cpanelconnecttrack
    p0f 3740 cpanelconnecttrack rtd DIR 252,5 4096 4719863 /var/cpanel/userhomes/cpanelconnecttrack
    p0f 3740 cpanelconnecttrack txt REG 252,5 358547 15074803 /usr/local/cpanel/3rdparty/sbin/p0f
    p0f 3740 cpanelconnecttrack DEL REG 252,5 17432978 /lib64/libnss_files-2.12.so
    p0f 3740 cpanelconnecttrack mem REG 0,6 73627162 socket:[73627162] (stat: No such file or directory)
    p0f 3740 cpanelconnecttrack DEL REG 252,5 17432680 /lib64/libc-2.12.so
    p0f 3740 cpanelconnecttrack DEL REG 252,5 12980880 /usr/lib64/libpcap.so.1.4.0
    p0f 3740 cpanelconnecttrack DEL REG 252,5 17432604 /lib64/ld-2.12.so
    p0f 3740 cpanelconnecttrack 0r CHR 1,3 0t0 3793 /dev/null
    p0f 3740 cpanelconnecttrack 1w REG 252,5 541 4723497 /var/run/restartsrv/startup/p0f
    p0f 3740 cpanelconnecttrack 2w REG 252,5 541 4723497 /var/run/restartsrv/startup/p0f
    p0f 3740 cpanelconnecttrack 3u pack 73627162 0t0 ALL type=SOCK_DGRAM
    p0f 3740 cpanelconnecttrack 4u unix 0xffff8802182f52c0 0t0 73627163 /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket
    
    
    top shows:
    upload_2015-8-26_11-58-54.png
     
    #3 per.hertz, Aug 26, 2015
    Last edited by a moderator: Aug 26, 2015
  4. brt

    brt Well-Known Member

    Joined:
    Jul 9, 2015
    Messages:
    46
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    MN
    cPanel Access Level:
    Root Administrator
    Results below. It's been at 100% cpu all morning today. Server is otherwise working fine, it appears, but if I would reboot, p0f wouldn't be maxing out like this, which makes me think it's a glitch more than it's actually doing anything...
     

    Attached Files:

    • p0f.jpg
      p0f.jpg
      File size:
      60.8 KB
      Views:
      3
  5. per.hertz

    per.hertz Registered

    Joined:
    Oct 14, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Same observation here. Rebooting takes the heat off for a while, then it builds up again over some hours.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Internal case CPANEL-699 aims to improve the performance for passive OS fingerprinting:

    Fixed case CPANEL-699: Avoid p0f watching port 80 and 443 for performance reasons.

    It's included with cPanel version 11.52, which is currently only available in the "Edge" build tier.

    Thank you.
     
  7. brt

    brt Well-Known Member

    Joined:
    Jul 9, 2015
    Messages:
    46
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    MN
    cPanel Access Level:
    Root Administrator
    Any ETA as to when that will hit RELEASE? This is a constant, every day - all day thing I'm seeing, and it's -always- p0f running at 99/100% on one core.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There's currently no specific time frame, however you can disable it via "WHM >> Service Configuration >> Service Manager" in the meantime. It's named "Passive OS Fingerprinting Daemon".

    Thank you.
     
  9. brt

    brt Well-Known Member

    Joined:
    Jul 9, 2015
    Messages:
    46
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    MN
    cPanel Access Level:
    Root Administrator
    What is the risk in disabling it? I'm not sure exactly what it does...
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The Passive OS Fingerprinting daemon reports the visitor's operating system and other information for email notifications. This information helps you quickly identify visitors that trigger events that cause alerts.

    Thank you.
     
  11. sonicthoughts

    sonicthoughts Well-Known Member

    Joined:
    Apr 4, 2011
    Messages:
    61
    Likes Received:
    3
    Trophy Points:
    8
    killing cpu here too. please update this thread when released.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you verify which version of cPanel is installed on your system? Internal case CPANEL-699 is already included with all 11.52 release tiers.

    Thank you.
     
  13. per.hertz

    per.hertz Registered

    Joined:
    Oct 14, 2014
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Until released, I've added a process restart each hour to cron. That keeps the system manageable.
    /Per Hertz
     
  14. brt

    brt Well-Known Member

    Joined:
    Jul 9, 2015
    Messages:
    46
    Likes Received:
    5
    Trophy Points:
    8
    Location:
    MN
    cPanel Access Level:
    Root Administrator
    This may be a dumb question, but which service(s) are you restarting / what script are you using to do so?
    This is still affecting us. We're running 11.52.1.2 RELEASE.
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature and reference case CPANEL-2092? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page