Skip to main content

p0f Service Failing to Start on AlmaLinux 8.7 with cPanel - Timeout and Socket Creation Issues

MohammadNehme

Hello,

I’m encountering an issue with the p0f service on my AlmaLinux 8.7 server running cPanel. The service is consistently failing to start with a timeout, and I’m unable to get it to create the necessary socket file (/var/cpanel/userhomes/cpanelconnecttrack/p0f.socket).

System Details:

  • OS: AlmaLinux 8.7

  • cPanel Version: 124.0.32

  • p0f Version: 3.09b (shipped with cPanel)

  • Architecture: x86_64

  • Service Name: p0f (Passive OS Fingerprinter)

    Symptoms:

    The service fails to start, and the logs indicate a timeout without any additional information. Here’s what I see in the logs:

    Mar 27 12:12:41 Mar 27 12:12:41 'hostname' systemd[1]: Starting p0f passive fingerprinter...
    Mar 27 12:14:11 'hostname'  systemd[1]: p0f.service: start operation timed out. Terminating.
    Mar 27 12:14:11 'hostname'  systemd[1]: p0f.service: Failed with result 'timeout'.
    Mar 27 12:14:11 'hostname'  systemd[1]: Failed to start p0f passive fingerprinter. systemd[1]: Starting p0f passive fingerprinter...
    Mar 27 12:14:11 'hostname'  systemd[1]: p0f.service: start operation timed out. Terminating.
    Mar 27 12:14:11 'hostname'  systemd[1]: p0f.service: Failed with result 'timeout'.
    Mar 27 12:14:11 'hostname' systemd[1]: Failed to start p0f passive fingerprinter.

There is no further detail in the journalctl or /var/log/messages logs regarding the error. The service never creates the socket at /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket despite the path existing.

Troubleshooting Steps Taken:

  • Recreated the Required Directory: I ensured that the directory /var/cpanel/userhomes/cpanelconnecttrack exists and set the appropriate ownership (cpanelconnecttrack:cpanelconnecttrack) and permissions (711).
  • Removed and Reinstalled p0f: I removed the existing p0f installation using: 
    rpm -e --nodeps cpanel-p0f.x86_64
  • Then i ran 
    /scripts/check_cpanel_pkgs --fix
  • Modified Network Interface:
    I updated the service to listen on a specific network interface instead of any in case the issue was related to the any interface, but it did not resolve the issue.
  • Increased Systemd Timeout:
    I increased the systemd TimeoutStartSec to 300 seconds, but this did not prevent the timeout error.
  • Run p0f Manually with Debugging:
    I manually ran the p0f command with the -vv flag for verbose output, but it did not provide any useful information. When running the service via strace: 
    strace -f -e trace=network /usr/local/cpanel/3rdparty/sbin/p0f -i eth0 -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket
    The output showed the following (but no errors related to the socket creation): 
    --- p0f 3.09b by Author_Name <Author_email_address> ---
    ^C--- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL} ---
    strace: Process 740976 detached
  • Verified Permissions:
    I confirmed that the directory /var/cpanel/userhomes/cpanelconnecttrack has the correct ownership and permissions, and the cpanelconnecttrack user has sufficient privileges.
  • Checked for System Resource Issues:
    Verified the system has enough resources (RAM, CPU) using free -m and top. There are no resource constraints.

    Additional Info : 

  • The socket file /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket is never created after recreating the directory, and p0f doesn’t seem to proceed past initialization.

  • The p0f service is running as a non-root user (cpanelconnecttrack), but the initialization process doesn’t complete.

  • The -vv verbose flag did not provide any useful logs, nor did running strace show additional error information.

    I would appreciate any insights or suggestions to resolve this issue. Has anyone else encountered this problem? Are there any known bugs or configuration issues with p0f on AlmaLinux 8.7 or in the latest cPanel versions?

Comments

3 comments

Date Votes
  • cPRex Jurassic Moderator

    Hey there!  it sounds like you've done some excellent troubleshooting already - does this command show anything interesting related to that failure?

    /scripts/restartsrv_p0f --check
    0
  • MohammadNehme

    Hello

    It didn't return anything except it is down

    [Username@
    Hostname ~]# /scripts/restartsrv_p0f --check
    (XID vkr7nn) The “p0f” service is down.
    [Username@hostname~]# systemctl status p0f
    ● p0f.service - p0f passive fingerprinter
    Loaded: loaded (/etc/systemd/system/p0f.service; enabled; vendor preset: disabled)
    Active: activating (start) since Fri 2025-03-28 01:57:16 EET; 14s ago
    Cntrl PID: 1560130 (p0f)
    Tasks: 1 (limit: 205484)
    Memory: 352.0K
    CGroup: /system.slice/p0f.service
    └─1560130 /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack >
    Mar 28 01:57:16 hostname systemd[1]: Starting p0f passive fingerprinter...
    Mar 28 01:57:16 hostname p0f[1560130]: --- p0f 3.09b by author_name lines 1-11/11 (END)

    0
  • cPRex Jurassic Moderator

    Thanks for the additional details.  At this point it would be best to create a ticket about this issue so it can be investigated directly on the server.

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post