Install and Run Cockpit on Debian 12 Bookworm: Best Monitoring Tool

In this guide, you will learn to install and run Cockpit on Debian 12 Bookworm. Cockpit is a free, web-based system management and monitoring tool. You can follow these instructions from the Orcacore website to install and run Cockpit on Debian 12 Bookworm.

Before you start your Cockpit installation, you must have access to your server as a non-root user and set up a basic UFW firewall. For this purpose, you can visit this guide on Initial Server Setup with Debian 12 Bookworm.

Then, follow the steps below to Install and Run Cockpit on Debian 12 Bookworm.

Step 1 – Install Cockpit on Debian 12 Bookworm

Cockpit packages are available in the default Debian 12 repositories. First, update the package index with the following command:

sudo apt update

Then, run the following command on your Debian server to install Cockpit:

sudo apt install cockpit -y

Step 2 – How To Start Cockpit Service on Debian 12?

Now that you have installed Cockpit, you can use the command below to start your service:

sudo systemctl start cockpit.socket

Enable the Cockpit service to start at boot with the command below:

sudo systemctl enable cockpit.socket

Verify your Cockpit service is active and running on Debian 12 by running the following command:

sudo systemctl status cockpit.socket

In your output, you should see:

**Output**
● cockpit.socket - Cockpit Web Service Socket
     Loaded: loaded (/lib/systemd/system/cockpit.socket; enabled; preset: enabled)
     Active: active (listening) since Thu 2023-08-17 07:45:29 EDT; 58s ago
   Triggers: ● cockpit.service
       Docs: man:cockpit-ws(8)
     Listen: [::]:9090 (Stream)
      Tasks: 0 (limit: 4644)
     Memory: 8.0K
        CPU: 21ms
     CGroup: /system.slice/cockpit.socket
...

Step 3 – Configure UFW Firewall Rules for Cockpit

Here we assume that you enabled UFW during the initial Debian 12 setup. At this point, you need to allow the Cockpit port, 9090, through the firewall. You also need to allow port 80. To do this, run the following UFW commands:

sudo ufw allow 9090
sudo ufw allow 80

Reload the firewall to apply the new rules:

sudo ufw reload

You can verify your UFW status with the command below:

sudo ufw status

**Output**
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
9090                       ALLOW       Anywhere
80                         ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
9090 (v6)                  ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)

Tips: To get more information about UFW rules, you can visit this guide on Configure Firewall with UFW on Debian 12 Bookworm.

Step 4 – Access Cockpit Console via Web Interface

At this point, your Cockpit service is running on Debian 12 Bookworm. You can now access the dashboard by typing your server’s IP address in your web browser, followed by port 9090:

http://your-server-ip:9090

You will see the Cockpit login screen. Enter the root username and password and click Login:

Cannot log in to Cockpit as the default root user on Debian 12

If you see an error message like the following on your login screen:

**Wrong user name or password**

You can fix this issue by editing the /etc/cockpit/disallowed-users file. Open the file with your favorite text editor; here we use vi:

sudo vi /etc/cockpit/disallowed-users

In the file, remove the root entry. This allows root login to Cockpit.

When you are done, save and close the file.

Then, restart your Cockpit service:

sudo systemctl restart cockpit.socket

Now try to connect to Cockpit with the root credentials; the login should work correctly.

At this point, you should see your Cockpit dashboard on Debian 12:

As you can see from the dashboard menu, you can view and manage Logs, Storage, Networking, Accounts, Services, and more. It also provides a terminal interface where you can run commands.

Conclusion

At this point, you have learned to install and run Cockpit on Debian 12 Bookworm from the APT repository and access your Cockpit dashboard. Also, if you got an error while logging in to the Cockpit console as root, you can fix it by removing the root entry from the /etc/cockpit/disallowed-users file.

Alternative Solutions for Root Login Issue

The article provides a straightforward method for enabling root login to Cockpit by editing the /etc/cockpit/disallowed-users file. While effective, this approach can pose a security risk if not implemented with caution. Below are two alternative solutions to manage Cockpit access without directly enabling root login:

1. Using a Dedicated Administrator Account with sudo Privileges

A more secure approach is to create a dedicated administrative user with sudo privileges. This user can then log in to Cockpit and perform administrative tasks by utilizing sudo when necessary. This method adheres to the principle of least privilege, minimizing the risk associated with direct root access. It provides a more secure way to install and run Cockpit on Debian 12 Bookworm.

Steps:

  1. Create a new user:

    sudo adduser adminuser

    Follow the prompts to set a password and other user information. Replace adminuser with your desired username.

  2. Add the user to the sudo group:

    sudo usermod -aG sudo adminuser

    This command adds the adminuser to the sudo group, granting them administrative privileges.

  3. Log in to Cockpit with the new user:

    Use the newly created adminuser credentials to log in to the Cockpit web interface.

  4. Execute administrative commands using sudo:

    When performing tasks within Cockpit that require root privileges (e.g., starting/stopping services), prefix the command with sudo. Cockpit will prompt for the user’s password.

Explanation:

This method avoids directly enabling root login to Cockpit. The adminuser account has limited privileges by default, and elevated privileges are only granted when sudo is explicitly used. This limits the potential damage if the account is compromised. It is important to remember the password for this user.

2. Using PolicyKit (polkit) to Grant Specific Privileges

PolicyKit (polkit) provides a more granular approach to managing privileges. You can create polkit rules to allow specific users or groups to perform certain administrative tasks within Cockpit without requiring sudo for every action. This can streamline workflows while maintaining a strong security posture, letting you run Cockpit on Debian 12 Bookworm with increased security and user-friendliness.

Steps:

  1. Identify the action you want to allow:

    You’ll need to identify the specific polkit action that corresponds to the task you want to grant permission for. You can use the pkaction command to list available actions and their details. For example, to find actions related to managing services:

    pkaction | grep service

    The output will show actions like org.freedesktop.systemd1.manage-units.

  2. Create a polkit rule:

    Create a new polkit rule file in /etc/polkit-1/rules.d/. The filename should end with .rules. For example, 99-allow-service-management.rules:

    sudo vi /etc/polkit-1/rules.d/99-allow-service-management.rules

  3. Add the following rule to the file:

    polkit.addRule(function(action, subject) {
        if (action.id == "org.freedesktop.systemd1.manage-units" &&
            subject.isInGroup("wheel")) { // Replace "wheel" with your desired group
            return polkit.Result.YES;
        }
    });

    Explanation of the rule:

    • action.id == "org.freedesktop.systemd1.manage-units": This specifies the polkit action that this rule applies to. Replace this with the appropriate action ID identified in step 1.
    • subject.isInGroup("wheel"): This specifies the group that the user must be a member of to be granted permission. Replace "wheel" with the appropriate group name (e.g., sudo, admin).
    • return polkit.Result.YES: This grants permission to perform the action.
  4. Restart the polkit service (optional):

    In some cases, you might need to restart the polkit service for the changes to take effect:

    sudo systemctl restart polkit.service

  5. Log in to Cockpit with a user in the specified group:

    Users who are members of the specified group (e.g., wheel or sudo) will now be able to perform the specified action (e.g., manage systemd units) within Cockpit without being prompted for a password.

Explanation:

Polkit allows you to define fine-grained access control policies. By creating rules that grant specific privileges to users based on their group membership, you can avoid granting blanket root access while still enabling them to perform necessary administrative tasks within Cockpit. It is important to carefully choose the appropriate polkit actions and groups to minimize the risk of unintended privilege escalation.
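
The rule in step 3 approves every manage-units request from the group, whatever the unit. The following added example (not from the original article, Cockpit or polkit) compares it with a variant scoped to named units and verbs, and runs both under Node.js against a small stand-in for the polkit engine. The group svc-operators, the allow-lists and the decide helper are assumptions made for the illustration.

```javascript
// Stand-in for polkit's Result constants so the rules run under Node.js
// (an assumption for offline testing; polkitd provides the real object).
var polkit = { Result: { YES: "yes", AUTH_ADMIN: "auth_admin" } };
var MANAGE_UNITS = "org.freedesktop.systemd1.manage-units";

// The page's rule with a hypothetical group: approves every manage-units
// request from a group member, whatever the unit or verb.
function pageRule(action, subject) {
  if (action.id == MANAGE_UNITS && subject.isInGroup("svc-operators")) {
    return polkit.Result.YES;
  }
}

// Scoped variant: also checks the "unit" and "verb" details that systemd
// attaches to manage-units requests. The allow-lists are hypothetical.
function scopedRule(action, subject) {
  var units = ["nginx.service"];
  var verbs = ["start", "stop", "restart"];
  if (action.id == MANAGE_UNITS && subject.isInGroup("svc-operators") &&
      units.indexOf(action.lookup("unit")) >= 0 &&
      verbs.indexOf(action.lookup("verb")) >= 0) {
    return polkit.Result.YES;
  }
  // No return value: polkit falls through to later rules and the default.
}

// Evaluate one constructed request against one rule. AUTH_ADMIN stands in
// for the action's default outcome (an administrator password prompt).
function decide(rule, groups, unit, verb) {
  var action = {
    id: MANAGE_UNITS,
    lookup: function (key) { return { unit: unit, verb: verb }[key]; },
  };
  var subject = {
    isInGroup: function (g) { return groups.indexOf(g) >= 0; },
  };
  var result = rule(action, subject);
  return result === undefined ? polkit.Result.AUTH_ADMIN : result;
}

// Constructed requests from a group member.
var member = ["svc-operators"];
console.log(decide(pageRule, member, "ssh.service", "stop"));        // yes
console.log(decide(scopedRule, member, "ssh.service", "stop"));      // auth_admin
console.log(decide(scopedRule, member, "nginx.service", "restart")); // yes
```

On a real host, only the rule function, wrapped in polkit.addRule(...), goes into the file under /etc/polkit-1/rules.d/.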

These alternative solutions offer more secure and flexible ways to manage Cockpit access compared to directly enabling root login. Choose the method that best suits your security requirements and administrative workflow. Remember to always prioritize security best practices when configuring access to sensitive system management tools like Cockpit. It is crucial to secure your Cockpit installation on Debian 12 Bookworm.
