If you have a server with CPanel and you get the p0f appears to be down message after reboots or upgrades then welcome to the club.

p0f is a TCP/IP stack fingerprinting tool and it looks at TCP/IP traffic coming to your machine and attempts to identify bits of information about the remote machine from the TCP/IP packets it’s sending. This might be things like the operating system of the remote machine.

Your firewall might use it or maybe some sort of analytics package.

About six months ago, I started getting the p0f appears to be down message after CPanel upgrades or even sometimes just after reboots. I haven’t figured out why it started happening but I do know how to fix it.

It’s a two step process as follows:

First, edit etc/yum.conf and add the following to the excludes:

p0f*.el7.*

Then run the following sequence of commands:

/scripts/check_cpanel_rpms --fix
/usr/local/cpanel/scripts/check_cpanel_rpms --fix
/usr/local/cpanel/scripts/restartsrv_p0f

For some reason it seems CPanel isn’t correctly maintaining its RPMs, although I don’t know why. This means I have to keep doing this at the moment, after each upgrade and/or reboot. The research I did pointed to this temporary fix but I haven’t yet come across a way to permanently fix it.

Anyway, you should be good to go — temporarily, at least — if you follow the instructions above.

Errors Encountered