The service “p0f” is now operational

Discussion in 'General Discussion' started by Nirjonadda, Jun 16, 2015.

  1. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    150
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hello,

    Please let me know, what is the “p0f” service? It looks like a spam name?
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,451
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Passive OS Fingerprinting Daemon
    https://documentation.cpanel.net/display/ALD/Service+Manager
     
  3. santrix

    santrix Well-Known Member

    Joined:
    Nov 30, 2008
    Messages:
    223
    Likes Received:
    2
    Trophy Points:
    18
    Could you elucidate? Visitors to what services? What events/alerts? Could you give an example of the kind of data the service adds to the alerts? And where is the fingerprinting results data logged? Sorry, but there just isn't sufficient description of what this does for us to make an informed decision whether to use it or not. Thanks.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Sure, here you go.
    systememails.jpg
     
  5. madsere

    madsere Well-Known Member

    Joined:
    Apr 7, 2004
    Messages:
    49
    Likes Received:
    2
    Trophy Points:
    8
    cPanel Access Level:
    DataCenter Provider
    So what is this? A mail or a page from cPanel or from WHM? I have installed p0f but fail to understand what it brings to the table, other than considerable system load. Can you point to some practical documentation?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  7. madsere

    madsere Well-Known Member

    No, sorry but I think you missed my point. I don't want to remove it. I want to understand why it is useful, i.e. a page explaining what it does, and how I can use that information.

    Your documentation just says "The Passive OS Fingerprinting daemon reports the visitor's operating system and other information for email notifications. This information helps you quickly identify visitors that trigger events that cause alerts." OK, fine, but I don't recall seeing any mail notifications with any p0f or fingerprinting information. I get other mail from the server of course.
     
    sonicthoughts likes this.
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Did you see the attachment posted above? The information is on the bottom of that email. Post #4 in that other thread has some more details as well.
     
  9. madsere

    madsere Well-Known Member

    I saw the attachment and replied in Post #5 asking what it was and explaining that I have so far not received any such mail. Who is it sent to, the WHM admin or the cPanel customer?

    I saw the thread, and already explained in Post #7 that I would like more details about it.

    If the attachment in Post #4 is all p0f brings to the table, it really isn't worth the load it puts on the server and I think we'll disable it.
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Both. The one I added a screenshot of is to the Server Administrator.

    What cPanel tier are you running?

    What details are you missing after reading those links posted in the other thread?

    The details are there to do that if you wish. I'd open a ticket to cPanel Technical Support to ask about the load issues you're seeing though.

    I find the additional details in the emails of value. YMMV of course.
     
  11. madsere

    madsere Well-Known Member

    RELEASE, currently WHM 11.50.0 (build 29)

    Hard to say without knowing what's available, just thought the available details are a bit sketchy.

    This is the kind of load p0f put on 4 VPS servers on one hardware node; MySQL is the only other single piece of software consuming this much CPU power.

    Code:
    # top -cbn1 | grep p0f
       3438 32011     20   0 12980 4876 4324 R 100.0  0.0   8928:01 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d
       3602 32011     20   0 12868 4712 4320 S  0.0  0.0   2505:20 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
       4488 32011     20   0  9952 1856  336 S  0.0  0.0  68:27.29 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
      17234 32011     20   0 13420 5388 4460 S  0.0  0.0  14:57.61 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
    716406 root      20   0  100m  864  752 S  0.0  0.0   0:00.00 grep p0f
    
    
     
    #11 madsere, Aug 23, 2015
    Last edited by a moderator: Aug 23, 2015
    sonicthoughts likes this.
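
An added example, not part of the original post and not cPanel tooling: one way to turn the `top -cbn1` output quoted in post #11 into a total of CPU time consumed by p0f and a list of p0f processes that are busy right now. The function names are hypothetical, and the column positions assume the default `top` batch layout shown in that post.

```shell
#!/bin/sh
# Added example: quantify p0f load from `top -cbn1` output.

# The process lines quoted in post #11, used here as sample input.
sample_top() {
cat <<'EOF'
   3438 32011     20   0 12980 4876 4324 R 100.0  0.0   8928:01 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d
   3602 32011     20   0 12868 4712 4320 S  0.0  0.0   2505:20 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
   4488 32011     20   0  9952 1856  336 S  0.0  0.0  68:27.29 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
  17234 32011     20   0 13420 5388 4460 S  0.0  0.0  14:57.61 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
716406 root      20   0  100m  864  752 S  0.0  0.0   0:00.00 grep p0f
EOF
}

# Columns: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
# so $9 is %CPU, $11 is TIME+ and $12 is the executable path.

# Print the total accumulated CPU seconds of all p0f processes on stdin.
# Matching on the executable path skips the "grep p0f" line.
p0f_cpu_seconds() {
    awk '$12 ~ /\/p0f$/ {
        n = split($11, t, ":")      # TIME+ is minutes:seconds[.hundredths]
        secs = 0
        for (i = 1; i <= n; i++) secs = secs * 60 + t[i]
        total += secs
    }
    END { printf "%d\n", total + 0 }'
}

# Print the PIDs of p0f processes whose current %CPU is at or above $1.
p0f_busy_pids() {
    awk -v min="$1" '($12 ~ /\/p0f$/) && ($9 + 0 >= min + 0) { print $1 }'
}

secs=$(sample_top | p0f_cpu_seconds)
echo "p0f accumulated CPU time: ${secs}s (about $((secs / 3600)) hours)"
echo "p0f PIDs at or above 50% CPU: $(sample_top | p0f_busy_pids 50)"
```

On a live server, pipe `top -cbn1` into the functions in place of `sample_top`.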
  12. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Open a ticket and ask about it.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Internal case CPANEL-699 aims to improve the performance for passive OS fingerprinting:

    Fixed case CPANEL-699: Avoid p0f watching port 80 and 443 for performance reasons.

    It's included with cPanel version 11.52, which is currently only available in the "Edge" build tier.

    Thank you.
     
  14. sonicthoughts

    sonicthoughts Well-Known Member

    Joined:
    Apr 4, 2011
    Messages:
    61
    Likes Received:
    3
    Trophy Points:
    8
    Is this documented anywhere? I'm trying to understand what this is used for, if it is useful, can it be configured, is it compatible with openvz? It's consuming a lot of CPU!
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, per the Service Manager document:

    The Passive OS Fingerprinting daemon. This service reports the visitor's operating system and other information for email notifications. This information will help you quickly identify visitors that trigger events which cause alerts.

    Thank you.
     
  16. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    So, if I don't use cPHulk, does p0f become useless or is it used in any other email notification? I do use CSF instead of cPHulk, but I'm not sure if by doing so p0f becomes useless and hence I may deactivate it.

    Can anybody from staff confirm this?
     
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    It's used in other email notifications (e.g. Password Change notifications, New Account notifications). However, note that it's not required so you can disable it and notifications will still work.

    Thank you.
     