
The service “p0f” is now operational

Comments

16 comments

  • Infopro
    Passive OS Fingerprinting Daemon
    The Passive OS Fingerprinting daemon reports the visitor's operating system and other information for email notifications. This information helps you quickly identify visitors that trigger events that cause alerts.
    0
  • santrix
    Could you elucidate? Visitors to what services? What events/alerts? Could you give an example of the kind of data the service adds to the alerts? And where is the fingerprinting results data logged? Sorry, but there just isn't sufficient description of what this does for us to make an informed decision whether to use it or not. Thanks.
    0
  • Infopro
    Could you give an example of the kind of data the service adds to the alerts?

    Sure, here you go.
    0
  • madsere
    So what is this? A mail or a page from cPanel or from WHM? I have installed p0f but fail to understand what it brings to the table, other than considerable system load. Can you point to some practical documentation?
    0
  • Infopro
    This thread may be of some use to you: Uninstall,remove or disable p0f/cpanelconnecttrack - cPanel Forums
    0
  • madsere
    No, sorry, but I think you missed my point. I don't want to remove it. I want to understand why it is useful, i.e. a page explaining what it does, and how I can use that information. Your documentation just says "The Passive OS Fingerprinting daemon reports the visitor's operating system and other information for email notifications. This information helps you quickly identify visitors that trigger events that cause alerts." Ok, fine, but I don't recall seeing any mail notifications with any p0f or fingerprinting information. I get other mail from the server of course.
    0
  • Infopro
    Did you see the attachment posted above? The information is on the bottom of that email. Post #4 in that other thread has some more details as well.
    0
  • madsere
    I saw the attachment and replied in Post #5 asking what it was and explaining that I have so far not received any such mail. Who is it sent to, the WHM admin or the cPanel customer? I saw the thread, and already explained in Post #7 that I would like more details about it. If the attachment in Post #4 is all p0f brings to the table, it really isn't worth the load it puts on the server and I think we'll disable it.
    0
  • Infopro
    I saw the attachment and replied in Post #5 asking what it was and explaining that I have so far not received any such mail. Who is it sent to, the WHM admin or the cPanel customer?

    Both. The one I added a screenshot of is to the Server Administrator. What cPanel tier are you running?
    I saw the thread, and already explained in Post #7 that I would like more details about it.

    What details are you missing after reading those links posted in the other thread?
    If the attachment in Post #4 is all p0f brings to the table, it really isn't worth the load it puts on the server and I think we'll disable it.

    The details are there to do that if you wish. I'd open a ticket to cPanel Technical Support to ask about the load issues you're seeing though. I find the additional details in the emails of value. YMMV of course.
    0
  • madsere
    Both. The one I added a screenshot of is to the Server Administrator. What cPanel tier are you running?

    RELEASE, currently WHM 11.50.0 (build 29)
    What details are you missing after reading those links posted in the other thread?

    Hard to say without knowing what's available, just thought the available details are a bit sketchy.
    The details are there to do that if you wish. I'd open a ticket to cPanel Technical Support to ask about the load issues you're seeing though. I find the additional details in the emails of value. YMMV of course.

    This is the kind of load p0f put on 4 VPS servers on one hardware node, mysql is the only other single piece of software consuming this much cpu power
    # top -cbn1 | grep p0f
    3438 32011 20 0 12980 4876 4324 R 100.0 0.0 8928:01 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d
    3602 32011 20 0 12868 4712 4320 S 0.0 0.0 2505:20 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
    4488 32011 20 0 9952 1856 336 S 0.0 0.0 68:27.29 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
    17234 32011 20 0 13420 5388 4460 S 0.0 0.0 14:57.61 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -
    716406 root 20 0 100m 864 752 S 0.0 0.0 0:00.00 grep p0f
    0
  • Infopro
    Open a ticket and ask about it.
    0
  • cPanelMichael
    This is the kind of load p0f put on 4 VPS servers on one hardware node, mysql is the only other single piece of software consuming this much cpu power

    Hello :) Internal case CPANEL-699 aims to improve the performance for passive OS fingerprinting:
    Fixed case CPANEL-699: Avoid p0f watching port 80 and 443 for performance reasons.
    It's included with cPanel version 11.52, which is currently only available in the "Edge" build tier. Thank you.
    0
  • sonicthoughts
    Is this documented anywhere? I'm trying to understand what this is used for, if it is useful, can it be configured, is it compatible with openvz? It's consuming a lot of CPU!
    0
  • cPanelMichael
    Yes, per the
    0
  • Kent Brockman
    Yes, per the
    0
  • cPanelMichael
    So, if I don't use cpHulk, does p0f become useless or is it used in any other email notification? I do use CSF instead of cpHulk, but not sure if by doing so, p0f becomes useless and hence, I may deactivate it.

    It's used in other email notifications (e.g. Password Change notifications, New Account notifications). However, note that it's not required so you can disable it and notifications will still work. Thank you.
    0
