Skip to main content

p0f maxing out CPU core?

Comments

14 comments

  • 24x7ss
    Hello, Did you try to see what is running under that process ? do below and share the output: lsof -p pid
    0
  • per.hertz
    I have the same symptoms, i.e. p0f maxing out cpu - this is the result of a lsof -p [pid]:
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME p0f 3740 cpanelconnecttrack cwd DIR 252,5 4096 4719863 /var/cpanel/userhomes/cpanelconnecttrack p0f 3740 cpanelconnecttrack rtd DIR 252,5 4096 4719863 /var/cpanel/userhomes/cpanelconnecttrack p0f 3740 cpanelconnecttrack txt REG 252,5 358547 15074803 /usr/local/cpanel/3rdparty/sbin/p0f p0f 3740 cpanelconnecttrack DEL REG 252,5 17432978 /lib64/libnss_files-2.12.so p0f 3740 cpanelconnecttrack mem REG 0,6 73627162 socket:[73627162] (stat: No such file or directory) p0f 3740 cpanelconnecttrack DEL REG 252,5 17432680 /lib64/libc-2.12.so p0f 3740 cpanelconnecttrack DEL REG 252,5 12980880 /usr/lib64/libpcap.so.1.4.0 p0f 3740 cpanelconnecttrack DEL REG 252,5 17432604 /lib64/ld-2.12.so p0f 3740 cpanelconnecttrack 0r CHR 1,3 0t0 3793 /dev/null p0f 3740 cpanelconnecttrack 1w REG 252,5 541 4723497 /var/run/restartsrv/startup/p0f p0f 3740 cpanelconnecttrack 2w REG 252,5 541 4723497 /var/run/restartsrv/startup/p0f p0f 3740 cpanelconnecttrack 3u pack 73627162 0t0 ALL type=SOCK_DGRAM p0f 3740 cpanelconnecttrack 4u unix 0xffff8802182f52c0 0t0 73627163 /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket
    top shows:
    0
  • brt
    Results below. It's been at 100% cpu all morning today. Server is otherwise working fine, it appears, but if I would reboot, p0f wouldn't be maxing out like this, which makes me think it's a glitch more than it's actually doing anything...
    0
  • per.hertz
    Same observation here. Rebooting takes the heat off for a while, then it builds up again over some hours.
    0
  • cPanelMichael
    Hello :) Internal case CPANEL-699 aims to improve the performance for passive OS fingerprinting: Fixed case CPANEL-699: Avoid p0f watching port 80 and 443 for performance reasons. It's included with cPanel version 11.52, which is currently only available in the "Edge" build tier. Thank you.
    0
  • brt
    Any ETA as to when that will hit RELEASE? This is a constant, every day - all day thing I'm seeing, and it's -always- p0f running at 99/100% on one core.
    0
  • cPanelMichael
    New Any ETA as to when that will hit RELEASE? This is a constant, every day - all day thing I'm seeing, and it's -always- p0f running at 99/100% on one core.

    There's currently no specific time frame, however you can disable it via "WHM >> Service Configuration >> Service Manager" in the meantime. It's named "Passive OS Fingerprinting Daemon". Thank you.
    0
  • brt
    What is the risk in disabling it? I'm not sure exactly what it does...
    0
  • cPanelMichael
    The Passive OS Fingerprinting daemon reports the visitor's operating system and other information for email notifications. This information helps you quickly identify visitors that trigger events that cause alerts. Thank you.
    0
  • sonicthoughts
    killing cpu here too. please update this thread when released.
    0
  • cPanelMichael
    killing cpu here too. please update this thread when released.

    Could you verify which version of cPanel is installed on your system? Internal case CPANEL-699 is already included with all 11.52 release tiers. Thank you.
    0
  • per.hertz
    Until released, I've added a process restart each hour to cron. That keeps the system manageable. /Per Hertz
    0
  • brt
    This may be a dumb question, but which service(s) are you restarting / what script are you using to do so? This is still affecting us. We're running 11.52.1.2 RELEASE.
    0
  • cPanelMichael
    This is still affecting us. We're running 11.52.1.2 RELEASE.

    Could you open a support ticket using the link in my signature and reference case CPANEL-2092? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0

Please sign in to leave a comment.