Uninstall, remove or disable p0f/cpanelconnecttrack

Discussion in 'General Discussion' started by shadowone, Jul 8, 2015.

  1. shadowone

    shadowone Member

    When we updated cPanel to 11.50 on one of our servers we ticked the new p0f feature. Now we want it gone.

    We unticked the p0f-cpanelsync options Enabled and Monitor in WHM -> Service Configuration -> Service Manager, but nothing happened. When we kill the processes it restores itself. Also, we are still receiving Excessive resource usage: cpanelconnecttrack (315802 (Parent PID:315802)).

    So how can we uninstall/remove/disable it?
     
    #1 shadowone, Jul 8, 2015
    Last edited: Jul 8, 2015
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Code:
    exe:/usr/local/cpanel/3rdparty/sbin/p0f
    
    That should fix the resource usage alerts for you easy enough.
     
  3. shadowone

    shadowone Member

    I am aware of the resource usage alerts and removing them is not my goal.
    I want to completely disable/remove this service from my system.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I am aware of what you're looking to do, there really should be no reason to though.

    Passive OS fingerprinting (p0f) - cPanel Release Notes

    Service Manager Service daemons - cPanel Documentation
    More Info:
    Intrusion Detection FAQ: What is p0f and what does it do? sans.org


    With the above details in mind, why would you want it "gone"?
     
  5. shadowone

    shadowone Member

    I am aware of the Documentation but I don't need it, so please post only if you know how to remove/disable it.
     
    feldon27 likes this.
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Hello,

    Can you try going through the feature showcase again to see if this will remove it for you? It did work for me to disable it in WHM's Service Manager (unchecking enabled and monitor), although the rpm is still existing on my system after that:

    Code:
    # rpm -qa | grep -i p0f
    p0f-3.08b-4.cp1150.x86_64
    Now, to see if disabling it in the feature showcase works, you can get the feature showcase to show on WHM new login again by doing the following:

    Code:
    cd /var/cpanel/activate && mv features features.bak.`date +%F`
    This will cause the next WHM new login to show the feature showcase again. Then you should be able to select to not enable it this time and Save the settings. If that does not work, you can try removing the rpm for p0f entirely and setting it to uninstalled:

    Code:
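    # Drop the p0f entry from the rpm database only (--justdb leaves files on disk)
    rpm -qa | grep -i ^p0f-3 | xargs rpm -e --nodeps --justdb
    # Set the p0f target to "uninstalled" in the local rpm version settings
    /usr/local/cpanel/scripts/update_local_rpm_versions --edit target_settings.p0f uninstalled
    # Re-check the cPanel-managed rpms for the p0f target against that setting
    /scripts/check_cpanel_rpms --fix --targets=p0f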
    This ensures that p0f cannot be reinstalled on cPanel updates. If this still does not work to fix the issue for you, please submit a ticket using WHM's Support >> Support Center area for the Contact cPanel >> Submit a Support Request link.

    Thanks!
     
    #6 cPanelTristan, Jul 9, 2015
    Last edited by a moderator: Jul 9, 2015
    Infopro likes this.
  7. shadowone

    shadowone Member

    Thanks for posting. It was a smart move to provoke feature showcase to pop up again.
    Anyway, we disabled the feature from the Service Manager.
    Everyone is saying (uncheck enabled and monitor p0f-cpanelsync), but there is another tick --> Passive OS Fingerprinting Daemon. That is the most important :)
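
A way to confirm the outcome of the steps discussed in this thread, as an added example that is not part of any post and is not cPanel tooling: it classifies a host from `rpm -qa` and `ps` listings, and with `--live` samples twice so a process that comes back after being killed is still reported. The function names, state names and sample listings are constructed for illustration; the package name, binary path and `cpanelconnecttrack` name come from the posts above.

```shell
#!/bin/bash
# Added example, not from the thread. Names taken from the posts above: the
# p0f rpm, /usr/local/cpanel/3rdparty/sbin/p0f and cpanelconnecttrack.
P0F_BIN=/usr/local/cpanel/3rdparty/sbin/p0f

# Constructed sample listings (not captured from a real server).
SAMPLE_RPM='p0f-3.08b-4.cp1150.x86_64'
SAMPLE_PS='     1 /sbin/init
315802 cpanelconnecttrack
  4242 /usr/local/cpanel/3rdparty/sbin/p0f'

# stdin: `rpm -qa` output. Prints p0f package entries still in the rpm db.
p0f_packages() { grep -i '^p0f-[0-9]' || true; }

# stdin: `ps -eo pid=,args=` output. Prints "PID NAME" for the p0f daemon and
# cpanelconnecttrack, matching the command itself and never its arguments.
# Assumption: cpanelconnecttrack shows in ps under the name used in the alert.
p0f_processes() {
    awk -v bin="$P0F_BIN" '
        $2 == bin || $2 ~ /(^|\/)p0f$/ { print $1, "p0f"; next }
        $2 ~ /^cpanelconnecttrack/     { print $1, "cpanelconnecttrack" }'
}

# $1: rpm listing, $2: ps listing. Echoes one of
#   running   a p0f or cpanelconnecttrack process is alive
#   disabled  nothing running, package entry still in the rpm db
#   removed   nothing running, no package entry
p0f_state() {
    local pkgs procs
    pkgs=$(printf '%s\n' "$1" | p0f_packages)
    procs=$(printf '%s\n' "$2" | p0f_processes)
    if [ -n "$procs" ]; then echo running
    elif [ -n "$pkgs" ]; then echo disabled
    else echo removed
    fi
}

# --live [seconds]: sample the real host twice, so a process that the service
# monitor restarts between samples still shows up. No argument: use the sample.
if [ "${1:-}" = "--live" ]; then
    for pass in first second; do
        ps_out=$(ps -eo pid=,args=)   # captured before awk starts
        echo "$pass sample: $(p0f_state "$(rpm -qa)" "$ps_out")"
        printf '%s\n' "$ps_out" | p0f_processes
        if [ "$pass" = first ]; then sleep "${2:-60}"; fi
    done
else
    echo "sample: $(p0f_state "$SAMPLE_RPM" "$SAMPLE_PS")"
fi
```

Because `--justdb` leaves the binary on disk, a host can report no package entry and still be `running`, which is why the process check takes priority over the package check.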
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  9. wswd

    wswd Well-Known Member

    I agree with the OP. This uses a ridiculous amount of resources on our servers as well. Probably time for us to disable it too until the issues are fixed.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Internal case CPANEL-699 aims to improve the performance for passive OS fingerprinting:

    Fixed case CPANEL-699: Avoid p0f watching port 80 and 443 for performance reasons.

    It's included with cPanel version 11.52, which is currently only available in the "Edge" build tier.

    Thank you.
     