Symptom & Impact
Admins cannot access Cockpit on port 9090, slowing incident response workflows.
Environment & Reproduction
Appears after CIS hardening changes to sockets, firewall, or SELinux.
sudo systemctl status cockpit.socket
Root Cause Analysis
Socket disabled, service masked, or network policy blocks inbound traffic to 9090.
Quick Triage
Confirm listener presence and firewall zone assignment.
sudo ss -ltnp | grep 9090
Step-by-Step Diagnosis
Inspect cockpit- and sshd-related SELinux denials and the firewalld runtime configuration.
sudo journalctl -u cockpit --since -2h

Solution – Primary Fix
Enable cockpit socket and open service through firewalld permanently.
sudo systemctl enable --now cockpit.socket && sudo firewall-cmd --permanent --add-service=cockpit && sudo firewall-cmd --reload

Solution – Alternative Approaches
Expose Cockpit only via bastion with SSH tunnel to reduce direct access surface.
Verification & Acceptance Criteria
HTTPS to port 9090 succeeds from approved management networks.
Rollback Plan
Remove cockpit service rule and disable socket if policy requires temporary closure.
Prevention & Hardening
Include cockpit checks in hardening validation and codify expected management access paths.
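One way to codify these checks, as an added example that is not part of the original page: the script below names which of the causes from Root Cause Analysis applies, and also flags a firewalld rule that exists only at runtime or only in the permanent config. The function names (classify_cockpit, has_service, check_live) and the verdict strings are made up for this example; it inspects cockpit.socket and the default firewalld zone only.

```shell
#!/bin/sh
# Added example: name the reason Cockpit is unreachable on port 9090.
# Arguments are raw command output, so the logic can be checked offline.
#   $1  systemctl is-enabled cockpit.socket
#   $2  ss -H -ltn
#   $3  firewall-cmd --list-services              (runtime config)
#   $4  firewall-cmd --permanent --list-services  (survives reload/reboot)

has_service() {  # exact token match in a space-separated service list
  case " $1 " in *" cockpit "*) return 0 ;; *) return 1 ;; esac
}

classify_cockpit() {
  case "$1" in
    masked*)  echo "socket-masked"; return 0 ;;
    enabled*) ;;
    *)        echo "socket-not-enabled"; return 0 ;;
  esac
  # The Local Address:Port column ends in :9090 followed by column padding.
  if ! printf '%s\n' "$2" | grep -Eq ':9090[[:space:]]'; then
    echo "no-listener"; return 0
  fi
  if has_service "$3" && has_service "$4"; then
    echo "ok"
  elif has_service "$3"; then
    echo "firewall-runtime-only"   # rule is lost on the next --reload
  elif has_service "$4"; then
    echo "firewall-not-reloaded"   # --permanent was set, --reload was not run
  else
    echo "firewall-blocked"
  fi
}

check_live() {  # run as root on the affected host
  classify_cockpit \
    "$(systemctl is-enabled cockpit.socket 2>/dev/null)" \
    "$(ss -H -ltn 2>/dev/null)" \
    "$(firewall-cmd --list-services 2>/dev/null)" \
    "$(firewall-cmd --permanent --list-services 2>/dev/null)"
}

# Constructed sample of `ss -H -ltn` output for offline checks.
SAMPLE_SS='LISTEN 0      4096               *:9090            *:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run it with --live on the host after each hardening pass; if the management interface sits in a non-default zone, add --zone= to both firewall-cmd calls.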
Related Errors & Cross-Refs
Cross-reference certificate trust warnings and PAM login restrictions.