mediumservicesunverified
Ensure cockpit web services are not in use
cockpit-not-in-use · RHEL ≥ 8 · 1 impl
Description
The cockpit web console (cockpit.socket / cockpit.service) must not be enabled or active unless the host is explicitly managed through it.
Rationale
A network-facing management console is additional attack surface and remote entry point; it must be disabled where unused.
Check → Remediate
Checkcommand
# not in use = cockpit.socket neither active nor enabled (absent is fine) act=$(systemctl is-active cockpit.socket 2>/dev/null) en=$(systemctl is-enabled cockpit.socket 2>/dev/null) if [ "$act" = "active" ] || [ "$en" = "enabled" ]; then echo "FAIL: cockpit.socket is in use (active=$act enabled=$en)" exit 1 fi echo "OK: cockpit web services are not in use" exit 0
- expected_exit:
- 0
Remediatemanual
- note:
- systemctl stop cockpit.socket && systemctl disable cockpit.socket (or dnf remove cockpit)
Framework references
CIS
rhel8 2.1.3rhel10 2.1.3
NIST 800-53
CM-7
#cockpit#attack-surface#services#cis