Sep 182016
 
Hi all,

 

I have been noticing quite a few issues relating to the cPanel p0f service crashing and sending e-mail notices to customers. This appears to be related to a recent cPanel update based on early reports. Fortunately, the fix is quite simple and should only require you to run the following commands:
/scripts/check_cpanel_rpms --fix
/scripts/restartsrv_p0f

What is the PoF service you ask? Well cpanel says this is the Passive OS Fingerprinting Daemon

If you are on a CentOS7 server, you also need to create an extra entry to the yum.conf excludes, I have checked and confirmed that this fix does work and should be a permanent solution.

Edit:

/etc/yum.conf, add p0f*

to the exclude line. You can add it to the end if you want. It will automatically sort it in alphabetical order.
Change:

exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail*

to

exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* p0f* php* proftpd* pure-ftpd* spamassassin* squirrelmail*

and then you can run /scripts/upcp and /scripts/check_cpanel_rpms without triggering the issue again. Otherwise at the next upcp the issue will reoccur again and send out more emails about being broken.

cPanel’s official fix to this is slightly different. They state:  “The issue happens when the EPEL yum repo is enabled. A yum update installs the p0f package from EPEL instead of the cPanel provided p0f package. To correct this, you should added p0f*.el7.* to the excludes line in /etc/yum.conf, and ran /scripts/check_cpanel_rpms –fix to get the cPanel provided p0f package installed. Then you shouldn’t have this issue again.

So please add “p0f*.el7.*” to the excludes line instead of just “p0f*” as this will prevent this from ever updating at all, while the former entry “p0f*” should only prevent it from updating from non-cPanel sources.

Share This!