Cockpit - Linux Web Console
So I installed CentOS 8 in VirtualBox today. Why, are you asking? Because that's what I "do for fun". Good thing I don't go on job interviews or first dates anymore, right? Anyway, I installed CentOS 7.6 on an AWS EC2 VM just a couple of weeks ago, so I was surprised to see the following message when I SSH'd into the new version 8 VM from my Ubuntu host:
Activate the web console with: systemctl enable --now cockpit.socket
Web console? cockpit.socket? My interest was piqued! After reading a bit about The Cockpit Project [1] I decided to give it a try. Since the web console opens a socket listener on port 9090, I don't like to have it open for no reason, so rather than Enabling the service I simply started it temporarily, so that I can easily stop it afterwards:
$ sudo systemctl start cockpit.socket
Getting no output from that command, and specifically no error messages, was an indication that it was executed successfully. The next thing to do then was to browse to the server's IP address at port 9090. In this case the address was https://192.168.1.182:9090/ and since it uses a self signed certificate I had to tell the browser that yes, I trust that server, and yes, I know what I'm doing. Sheesh.
Next I was presented with a login screen that looked eerily similar to the OpenShift or OKD login screens, exposing Red Hat's fingerprints on the product:
Once I logged in with my Linux user account, which has `sudo` privileges, I landed on the System page which displayed basic information about the server and featured some nice graphs:
Some interesting menu items on the left include the Logs, which allow to easily filter entries by severity:
Storage and Networking, with some nice graphs and I/O stats:
Account and Service management available via the appropriately labeled links:
SELinux page with very useful information for when you want to pull your hair out because nothing is working as you expect it to, also with an easy button to toggle Enforcing and Permissive modes:
Software Updates:
And my favorite, a Terminal emulator that runs surprisingly well inside your browser:
And the cherry on top is that the layout is responsive and you can do it all from your tablet or phone:
It's really cool stuff, but I don't want to open an unnecessary attack vector to hackers so I think I will keep it disabled by default, and turn it on and off as, or if, needed.
GSE #231 | CISSP | SANS/GIAC(x10) | TreeTop Security founder | BSidesKC co-organizer | STEM Harvest founder | Entrepreneur | Disruptor
5 年I haven't tried 8 yet, but now I'm excited to take a peek. Nice write-up!