check_cpanel_rpms - p0f Missing
Hi,
I started getting lots of emails from the service manager that the p0f process is down.
I logged in to the server and when running /scripts/restartsrv_p0f I get:
Service Error
(XID xn5vu9) The system could not find the "p0f" binary.
p0f has failed. Contact your system administrator if the service does not automagically recover.
If I run which p0f I get:
/sbin/p0f
root@server4 [~]# rpm -q p0f
p0f-3.09b-1.el7.x86_64
/script/upcp did not help.
How do I fix this?
Please help
-
Hi, we had this problem too after cPanel upgrade. Just do this command:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
It will fix RPMs problems, you should see an output like this:
[2016-09-16 09:11:26 +0200] Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-16 09:11:26 +0200] If you did not make these changes intentionally, you can correct them by running:
[2016-09-16 09:11:26 +0200]
[2016-09-16 09:11:26 +0200] > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-16 09:11:26 +0200] The following RPMs are missing from your system:
[2016-09-16 09:11:26 +0200] p0f-3.09b-1.cp1150
[2016-09-16 09:12:53 +0200] Removing 0 broken rpms:
[2016-09-16 09:12:55 +0200] Downloading
[2016-09-16 09:12:56 +0200] Disabling service monitoring.
[2016-09-16 09:12:56 +0200] Hooks system enabled.
[2016-09-16 09:12:56 +0200] Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
[2016-09-16 09:12:56 +0200] All required 'pre' hooks have been run
[2016-09-16 09:13:01 +0200] No RPMS need to be uninstalled
[2016-09-16 09:13:01 +0200] Installing new rpms: p0f-3.09b-1.cp1150.x86_64.rpm
[2016-09-16 09:13:01 +0200] p0f-3.09b-1.cp1150.x86_64
[2016-09-16 09:13:02 +0200] p0f-3.09b-1.el7.x86_64
[2016-09-16 09:13:02 +0200] Hooks system enabled.
[2016-09-16 09:13:02 +0200] Checking for and running RPM::Versions 'post' hooks for any RPMs about to be installed
[2016-09-16 09:13:02 +0200] All required 'post' hooks have been run
[2016-09-16 09:13:02 +0200] Restoring service monitoring.
Don't worry, it might take a while.
0 -
Hi there - Did you manage to find a fix for this? I am having the same issue which started earlier today! 0 -
I've experienced the same problem. You likely have EPEL enabled on your server. Running:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
should reinstall the cPanel version of p0f. If you were to then run "yum upgrade", you'd see something like the following:
root@server [~]# yum upgrade
Loaded plugins: fastestmirror, rhnplugin, tsflags, universal-hooks
This system is receiving updates from CLN.
Loading mirror speeds from cached hostfile
 * EA4: 185.69.232.245
 * cloudlinux-x86_64-server-7: de-proxy.cl-mirror.net
 * epel: mirror.example.net
Resolving Dependencies
--> Running transaction check
---> Package p0f.x86_64 0:3.09b-1.cp1150 will be updated
---> Package p0f.x86_64 0:3.09b-1.el7 will be an update
--> Finished Dependency Resolution
Basically, the EPEL version of p0f is being installed on top of the cPanel version. To fix it, I disabled EPEL:
yum-config-manager --disable epel
However, as there are packages from EPEL that we use on the server, it would be good if cPanel could coexist with it. I don't know if it's possible to exclude particular packages (i.e., p0f) from particular yum repositories - that would perhaps be a better fix.
0 -
Hi all, this morning we came into email notifications stating the following:
The system detected problems with the following cPanel-provided files that the RPM controls:
p0f-3.08b-8.cp1150 - Missing
If you did not make these changes intentionally, execute the following command as the root user to correct them:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
Should we run this command? We are assuming that the server during its daily updates has done something to the cPanel RPM and this is why it is erroring? Please could someone advise?
0 -
This helped, thanks for your help! 0 -
Hi, Yes, you can run the command on your server. If any RPM is missing then the script will install the missing RPM. 0 -
Ok, regardless that the process is running I still get the alerts saying it is down. It happens even if I disable the monitor from the service manager for p0f:
The service "p0f" appears to be down.
And in processes I can see it running:
32012 6585 0.3 0.0 11188 4844 ? Ss 10:49 0:09 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
Please help
0 -
Thanks, I know I can run the file, but when upcp process next runs, surely this will update the package from EPEL again causing a repeat of this error message? Should I add p0f* to the yum.conf exclude section and then re-run the /usr/local/cpanel/scripts/check_cpanel_rpms --fix script? I would ideally like the EPEL repo and cPanel repos to work in unity so that errors like this don't keep re-occurring? 0 -
Hello, I noticed WHM has new features and got upgraded, in Service status page in WHM I see p0f service has "Down" red icon. Is this ok? What to do? In Home » Service Configuration » Service Manager, this p0f service is ticked as Enabled.. Thank you
I started getting flooded with this notice this morning. I created a symbolic link between the old and the new and the service recovered fine. So there seems to be a hard coded path to the old in cpanel somewhere.
# cd /usr/local/cpanel/3rdparty/sbin
# ln -sn /usr/sbin/p0f p0f
In my case, .../3rdparty/sbin was empty, so I may go back and create a symbolic link for .../3rdparty/sbin to /usr/sbin . That way everything the system has in sbin will be available to cPanel's .../3rdparty/sbin path. Yeah, I went back and made that change.
# ps -ef | grep p0f
cpanelc+ 5810 1 0 08:39 ? 00:00:15 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0
0 -
Hello Satalink, This issue seems to be caused when EPEL is installed on the server. The version of p0f in EPEL ends up replacing the cPanel supplied version of p0f. To fix this please run
/scripts/check_cpanel_rpms --fix
This should stop the emails from coming in.
0 -
I have the same issue too. The p0f service has been down for the last 5-6 hours. Reboot didn't fix it and running the scripts update just gives the same error:
[root@s71 centos]# /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 05:19:43 +0000]
[2016-09-17 05:19:43 +0000] Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-17 05:19:43 +0000] If you did not make these changes intentionally, you can correct them by running:
[2016-09-17 05:19:43 +0000]
[2016-09-17 05:19:43 +0000] > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 05:19:43 +0000] The following RPMs are missing from your system:
[2016-09-17 05:19:43 +0000] p0f-3.09b-1.cp1150
^C
[root@s71 centos]# /scripts/check_cpanel_rpms --fix
[2016-09-17 05:20:00 +0000]
[2016-09-17 05:20:00 +0000] Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-17 05:20:00 +0000] If you did not make these changes intentionally, you can correct them by running:
[2016-09-17 05:20:00 +0000]
[2016-09-17 05:20:00 +0000] > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 05:20:00 +0000] The following RPMs are missing from your system:
[2016-09-17 05:20:00 +0000] p0f-3.09b-1.cp1150
^C
I also tried a yum update and there seems to be some error with the epel repo:
# yum update
Loaded plugins: fastestmirror, tsflags, universal-hooks
EA4 | 2.9 kB 00:00:00
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 5.9 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 3.4 kB 00:00:00
s3tools | 1.3 kB 00:00:00
updates | 3.4 kB 00:00:00
epel/x86_64/primary_db FAILED ] 0.0 B/s | 0 B --:--:-- ETA
http://ftp.riken.jp/Linux/fedora/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below knowledge base article
https://access.redhat.com/articles/1320623
If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/
epel/x86_64/primary_db FAILED ] 0.0 B/s | 44 kB --:--:-- ETA
https://epel.mirror.angkasa.id/pub/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
epel/x86_64/primary_db FAILED ] 172 kB/s | 167 kB 00:00:27 ETA
http://mirror.wanxp.id/epel/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
(1/2): epel/x86_64/updateinfo | 627 kB 00:00:01
epel/x86_64/primary_db FAILED
http://mirror01.idc.hinet.net/EPEL/7/x86_64/repodata/597b1f1a3c6695106bbd64e74500ee452ea92bf02a2c4a2978936faf2faf40d6-primary.sqlite.xz: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
(2/2): epel/x86_64/primary_db | 4.2 MB 00:00:00
Loading mirror speeds from cached hostfile
 * EA4: 103.53.192.34
 * base: centos.webwerks.com
 * epel: epel.mirror.net.in
 * extras: centos.webwerks.com
 * updates: centos.webwerks.com
No packages marked for update
Please help. Doesn't this mean firewall is down? Without it, I cannot imagine the number of attacks that have taken place.
0 -
I'm having the same exact issue. Any idea what we need to do to fix it? 0 -
I'm having the same exact issue. Any idea what we need to do to fix it?
This post should be helpful: p0f service shows "down" icon
0 -
I have the same issue. epel is installed. /scripts/check_cpanel_rpms --fix I ran yesterday and still have the same issue today (update generated same warning) 0 -
I just ran the --fix command and it appeared to fix it. I'm waiting for the next scheduled 'upcp' to run tonight to see if it succeeds or if it removes the p0f rpm again.. Fingers crossed! 0 -
Hi, we had this problem too after cPanel upgrade. Just do this command: /usr/local/cpanel/scripts/check_cpanel_rpms --fix
That did it, hope cPanel will fix this conflict between their package and EPEL soon.
0 -
I am having the same issue. I was able to run the --fix command to fix it yesterday but today the system did the upgrade check and broke it again. Is there a way to prevent cPanel from trying to "upgrade" p0f? 0 -
Can cPanel advise on this issue then? As no one should have to keep running the --fix command every day?? I understand that we could just disable the EPEL repo, but we need it for other software on the server. There must be something we can do surely? Any cPanel/WHM folks able to help? 0 -
Have you tried adding to your /etc/yum.repos.d/epel.repo file
includepkgs=xyz 123 abc*
where xyz, 123 are the package names you want this repo to update, and abc* is all packages starting with abc (packages should be separated with a space). This is a bit of a pain if you are using EPEL for a lot of packages, but if it is only a few, it is relatively easy. Please note: this applies to yum for CentOS 6x - for version 7 you may have to do some research into whether the syntax has changed or not.
0 -
root@server [~]# /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 12:41:14 -0500]
[2016-09-17 12:41:14 -0500] Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-17 12:41:14 -0500] If you did not make these changes intentionally, you can correct them by running:
[2016-09-17 12:41:14 -0500]
[2016-09-17 12:41:14 -0500] > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 12:41:14 -0500] The following RPMs are missing from your system:
[2016-09-17 12:41:14 -0500] p0f-3.09b-1.cp1150
[2016-09-17 12:41:23 -0500] Removing 0 broken rpms:
[2016-09-17 12:41:23 -0500] rpm: no packages given for erase
[2016-09-17 12:41:24 -0500] Downloading http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/rpm.sha512
[2016-09-17 12:41:24 -0500] W Failed to download URL 'http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/rpm.sha512.asc'.
[2016-09-17 12:41:24 -0500] ***** FATAL: No digest data for p0f-3.09b-1.cp1150.x86_64.rpm
[2016-09-17 12:41:24 -0500] The Administrator will be notified to review this output when this script completes
No digest data for p0f-3.09b-1.cp1150.x86_64.rpm at /usr/local/cpanel/Cpanel/RPM/Versions/File.pm line 777.
root@server [~]# /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 12:41:29 -0500]
[2016-09-17 12:41:29 -0500] Problems were detected with cPanel-provided files which are RPM controlled.
[2016-09-17 12:41:29 -0500] If you did not make these changes intentionally, you can correct them by running:
[2016-09-17 12:41:29 -0500]
[2016-09-17 12:41:29 -0500] > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
[2016-09-17 12:41:29 -0500] The following RPMs are missing from your system:
[2016-09-17 12:41:29 -0500] p0f-3.09b-1.cp1150
[2016-09-17 12:41:38 -0500] Removing 0 broken rpms:
[2016-09-17 12:41:38 -0500] rpm: no packages given for erase
[2016-09-17 12:41:39 -0500] Downloading http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/rpm.sha512
[2016-09-17 12:41:40 -0500] W Failed to download URL 'http://httpupdate.cpanel.net/RPM/11.50/centos/7/x86_64/rpm.sha512.asc'.
[2016-09-17 12:41:40 -0500] ***** FATAL: No digest data for p0f-3.09b-1.cp1150.x86_64.rpm
[2016-09-17 12:41:40 -0500] The Administrator will be notified to review this output when this script completes
No digest data for p0f-3.09b-1.cp1150.x86_64.rpm at /usr/local/cpanel/Cpanel/RPM/Versions/File.pm line 777.
0 -
I'm having the same problem now as well. Two days in a row after each 'upcp' I start getting hundreds of emails telling me p0f-3.09b-1.cp1150 is missing. I don't want to have to login and fix this by hand every night, when is there going to be a fix for this problem? It's killing my machine. 0 -
If one chooses to add repos like EPEL to one's server, I am not at all sure that cPanel would ever be able to "fix" these issues. cPanel has no idea which of the many hundreds of repos that are available for use you might install, and it is possibly unrealistic to expect them to write code to modify these repos when an admin might have installed and configured them deliberately. My perspective (sorry !) is that if one is going to work 'outside the box' and add repos that are not included in the cPanel (cloudlinux/kernelcare/MariaDB) installation, then one should be obliged to administrate and configure them at one's own risk. 0 -
If one chooses to add repos like EPEL to one's server, I am not at all sure that cPanel would ever be able to "fix" these issues. cPanel has no idea which of the many hundreds of repos that are available for use you might install, and it is possibly unrealistic to expect them to write code to modify these repos when an admin might have installed and configured them deliberately. My perspective (sorry !) is that if one is going to work 'outside the box' and add repos that are not included in the cPanel (cloudlinux/kernelcare/MariaDB) installation, then one should be obliged to administrate and configure them at one's own risk.
I personally have only ever installed 2 things outside of the normal cPanel packages:
- ConfigServer Security & Firewall - csf (Current v9.14)
- Munin (Current v2.0.25)
0 -
Having the same issues on my server too, running that command line every night ... still getting mails everyday .... it's happening after last update, before it was ... is it a bug ? 0 -
Hello ex300, this will fix your problem only until next update. Add the line:
exclude=p0f
to /etc/yum.repos.d/epel.repo like this:
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
exclude=p0f
This fixed it for me.
0 -
Same here. Even after running the following command we are still receiving multiple alerts:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
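The per-repository exclude=p0f line suggested above can be checked mechanically. The following shell example is added here and is not part of any post in this thread, nor cPanel code; the helper names repo_excludes_pkg and p0f_origin and the sample repo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit yum .repo files for a per-repo
# exclusion of p0f, and tell the cPanel build from the EPEL one by release tag.

# repo_excludes_pkg FILE SECTION PKG  (hypothetical helper)
# Returns 0 when [SECTION] in FILE has an exclude= glob that matches PKG.
repo_excludes_pkg() {
    file=$1 section=$2 pkg=$3
    # Collect exclude= values from the requested section only; yum accepts
    # space- or comma-separated globs.
    patterns=$(awk -v want="[$section]" '
        /^[ \t]*\[/ { insec = ($1 == want); next }
        insec && /^[ \t]*exclude[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/,/, " "); print
        }' "$file")
    set -f                          # keep globs literal while word-splitting
    for pat in $patterns; do
        case $pkg in
            $pat) set +f; return 0 ;;
        esac
    done
    set +f
    return 1
}

# p0f_origin NVR  (hypothetical helper)
# Heuristic from the two release strings quoted in this thread:
# ".cpNNNN" is the cPanel build, ".elN" is the EPEL/distribution build.
p0f_origin() {
    case $1 in
        *.cp[0-9]*) echo cpanel ;;
        *.el[0-9]*) echo el ;;
        *)          echo unknown ;;
    esac
}

# Constructed sample repo files (not copied from a real server).
sample=$(mktemp -d)
printf '%s\n' '[epel]' 'enabled=1' 'gpgcheck=1' 'exclude=p0f' \
    > "$sample/epel-fixed.repo"
# Here the exclusion sits in a different section, so [epel] is still exposed.
printf '%s\n' '[epel]' 'enabled=1' 'gpgcheck=1' \
    '[epel-debuginfo]' 'enabled=0' 'exclude=foo, p0f*' \
    > "$sample/epel-stock.repo"

for f in "$sample"/*.repo; do
    if repo_excludes_pkg "$f" epel p0f; then
        echo "$f: [epel] excludes p0f"
    else
        echo "$f: [epel] can still replace the cPanel p0f"
    fi
done
echo "installed build: $(p0f_origin p0f-3.09b-1.el7.x86_64)"
```

On a live server the same functions can be pointed at /etc/yum.repos.d/epel.repo and at the output of rpm -q p0f.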
0 -
I tried adding p0f* in exclude section under /etc/yum.conf, hopefully it should work. 0 -
This post should be helpful: p0f service shows "down" icon
The post merely confirms the issue, but offers no solution which is unhelpful. Is there anything else on offer other than a workaround?
0 -
@Vince778 I was attempting to address, and comment on, the conflict that the use of additional repos cause, that the starter of this topic posted about. If it doesn't apply to your particular issue, you may either be in the wrong thread, or you should just ignore it rather than try to attack me over it. If some other, and more fundamental, problem exists regarding the p0f RPM's as supplied by cPanel/CentOS - then obviously this needs to be addressed. 0 -
@Vince778 I was attempting to address, and comment on, the conflict that the use of additional repos cause, that the starter of this topic posted about. If it doesn't apply to your particular issue, you may either be in the wrong thread, or you should just ignore it rather than try to attack me over it. If some other, and more fundamental, problem exists regarding the p0f RPM's as supplied by cPanel/CentOS - then obviously this needs to be addressed.
@rpvw Your comment directly followed my own and did not appear to point to anyone else so I'm not sure why you're upset. I responded with more information and was simply trying to understand what you said. It was not an attack, please read it again.
0