Cockpit 209

by Marius Vollmer
category: release

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 209.

A new design for the Overview page

The landing page has been completely redesigned. Information is grouped into easier to understand panels, health information is much more prominent, the resource graphs have been moved to their own page, and the hardware information page should now be easier to find.

Overview

Session timeouts

Cockpit will automatically log you out of your current session after 15 minutes of inactivity.

Automatic logout

You can configure the timeout, in minutes, in /etc/cockpit/cockpit.conf. For example, this will disable automatic logouts completely:

[Session]
IdleTimeout=0

Support for banners on the login page

Like SSH, Cockpit can now optionally show the content of banner files on the login screen.

/etc/issue

This needs to be configured in /etc/cockpit/cockpit.conf. For example:

[Session]
Banner=/etc/issue.cockpit

Support for TLS client certificate authentication

You can now log into Cockpit with a TLS client certificate that is provided by your browser or a device like a Smart Card or YubiKey.

See it in action:

And read the documentation here.

Support for Fedora CoreOS

Fedora CoreOS is a minimal and robust Fedora based operating system for hosting container workloads. It is the successor of Fedora Atomic Host, which is not supported any more.

We now fully support running Cockpit on this platform.

Please see the Running Cockpit documentation or the cockpit/ws docker hub page for how to install Cockpit on Fedora CoreOS.

List cockpit logins in wtmp/utmp

Logins via the web console are now correctly registered in utmp and wtmp, allowing them to be visible in tools such as who, w, and last.

[root@m1 ~]# who
root     pts/0        2019-12-13 08:09 (172.27.0.2)
admin    web console  2019-12-13 08:09

Dropped support for the pam_rhost module

The pam_rhosts module is not in Cockpit’s PAM stack by default (nor in any other stack) and the remote IP is not a reliable piece of information. NAT, VPNs, or reverse proxies (such as Cockpit’s own cockpit-tls) all destroy the actual IP of the browser’s machine.

For these reasons, Cockpit does not set the PAM_RHOST variable anymore when running its PAM stack.

Try it out

Cockpit 209 is available now: