๐ Secure Ubuntu MCP Server
This is a hardened, production-ready Model Context Protocol (MCP) server. It offers AI assistants secure, controlled access to Ubuntu system operations. The server is built with comprehensive security controls, audit logging, and defense-in-depth principles, ensuring the security of Ubuntu system operations.
โจ Features
๐ก๏ธ Security-First Architecture
- Path traversal protection: Symlink resolution with allowlist/denylist controls.
- Command sanitization: Shell injection prevention with safe argument parsing.
- Resource limits: Controls for file size, execution timeouts, and output size.
- Comprehensive audit logging: All operations are logged with user attribution.
- Defense in depth: Multiple security layers with fail-safe defaults.
๐ฏ Core Capabilities
- File Operations: Read, write, and list directories with permission validation.
- Command Execution: Safe shell command execution with whitelist/blacklist filtering.
- System Information: Monitoring of OS details, memory, and disk usage.
- Package Management: APT package search and listing (installation requires explicit config).
๐๏ธ Production Ready
- Modular design: Clear separation of concerns.
- Comprehensive error handling: Meaningful error messages.
- Extensive test suite: Including security validation tests.
- Configurable policies: Suitable for different use cases and environments.
- Zero-dependency security: Core security doesn't rely on external packages.
๐ Quick Start
Prerequisites
- Ubuntu 18.04+ (tested on 20.04, 22.04, 24.04).
- Python 3.9 or higher.
- Standard Unix utilities (ls, cat, echo, etc.).
Installation
git clone https://github.com/yourusername/secure-ubuntu-mcp.git
cd secure-ubuntu-mcp
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python main.py --test
Basic Usage
python main.py --policy secure
python main.py --policy dev
python main.py --security-test
๐ง Integration
Claude Desktop
Getting Claude Desktop on Linux
Official Support: Claude Desktop doesn't officially support Linux, but the community has created solutions!
Recommended Method: Use the community Debian package by @aaddrick:
wget https://github.com/aaddrick/claude-desktop-debian/releases/latest/download/claude-desktop_latest_amd64.deb
sudo dpkg -i claude-desktop_latest_amd64.deb
sudo apt-get install -f
For other methods and troubleshooting, see: https://github.com/aaddrick/claude-desktop-debian
Configuration
Once Claude Desktop is installed, add to your configuration (~/.config/claude-desktop/claude_desktop_config.json):
{
"mcpServers": {
"secure-ubuntu": {
"command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3",
"args": ["/path/to/secure-ubuntu-mcp/main.py", "--policy", "secure"],
"env": {
"MCP_LOG_LEVEL": "INFO"
}
}
}
}
โ ๏ธ Important Note: Use absolute paths and the virtual environment Python interpreter.
Verification: After restarting Claude Desktop, you should see "secure-ubuntu" listed as a connected server, and Claude will have access to system control tools.
Other MCP Clients
The server implements the standard MCP protocol and works with any MCP-compatible client:
import asyncio
from mcp.client import ClientSession
async def example():
pass
๐ก๏ธ Security Policies
Secure Policy (Default)
Recommended for production and untrusted environments:
- Allowed Paths:
~/, /tmp, /var/tmp.
- Forbidden Paths:
/etc, /root, /boot, /sys, /proc, /dev, /usr, /bin, /sbin.
- Command Whitelist:
ls, cat, echo, pwd, whoami, date, find, grep, apt (search only).
- Resource Limits: 1MB files, 15s timeouts, 256KB output.
- Sudo: Disabled.
- Shell Execution: Disabled (uses safe direct execution).
Development Policy
More permissive for development environments:
- Additional Allowed Paths:
/opt, /usr/local.
- Fewer Restrictions: Access to more system areas.
- Larger Limits: 10MB files, 60s timeouts, 1MB output.
- More Commands: Most development tools allowed.
- Sudo: Still disabled by default (can be enabled).
Custom Policies
Create your own security policy:
from main import SecurityPolicy
custom_policy = SecurityPolicy(
allowed_paths=["/your/custom/paths"],
forbidden_paths=["/sensitive/areas"],
allowed_commands=["safe", "commands"],
forbidden_commands=["dangerous", "commands"],
max_command_timeout=30,
allow_sudo=False,
audit_actions=True
)
๐ Available Tools
File Operations
list_directory(path): List directory contents with metadata.read_file(file_path): Read file contents with size validation.write_file(file_path, content, create_dirs=False): Write with atomic operations.
System Operations
execute_command(command, working_dir=None): Execute shell commands safely.get_system_info(): Get OS, memory, and disk information.
Package Management
search_packages(query): Search APT repositories.install_package(package_name): Check package availability (listing only).
๐ Security Features
Protection Against Common Attacks
Path Traversal Prevention:
../../../etc/passwd
/etc/passwd
/tmp/../etc/passwd
symlinks_to_sensitive_files
Command Injection Prevention:
echo hello; rm -rf /
echo `cat /etc/passwd`
echo $(whoami)
ls | rm -rf /
Resource Exhaustion Protection:
- File size limits prevent memory exhaustion.
- Execution timeouts prevent hanging processes.
- Output size limits prevent log flooding.
- Directory listing limits prevent enumeration attacks.
Audit Trail
All operations are logged with:
- User attribution.
- Timestamp and operation type.
- Full path resolution.
- Success/failure status.
- Security violation details.
๐งช Testing
Functionality Tests
python main.py --test
Security Validation
python main.py --security-test
Manual Testing
python test_client.py --simple
๐ Example Usage
Once integrated with an AI assistant:
System Monitoring:
"Check my system status and disk space"
File Management:
"List the files in my home directory and show me the largest ones"
Development Tasks:
"Check if Python is installed and show me the version"
Log Analysis:
"Look for any error files in my project directory"
โ๏ธ Configuration
Environment Variables
MCP_LOG_LEVEL: Logging level (DEBUG, INFO, WARNING, ERROR).MCP_POLICY: Security policy (secure, dev).MCP_CONFIG_PATH: Path to custom configuration file.
Configuration File
Create config.json for custom settings:
{
"server": {
"name": "secure-ubuntu-controller",
"version": "1.0.0",
"log_level": "INFO"
},
"security": {
"policy_name": "secure",
"allowed_paths": ["~/", "/tmp"],
"max_command_timeout": 30,
"allow_sudo": false,
"audit_actions": true
}
}
๐ ๏ธ Development
Adding New Tools
@mcp.tool("your_tool_name")
async def your_tool(param: str) -> str:
"""Tool description for AI assistant"""
try:
result = controller.safe_operation(param)
return json.dumps(result, indent=2)
except Exception as e:
return json.dumps({"error": str(e)}, indent=2)
Extending Security
def create_custom_policy() -> SecurityPolicy:
"""Create a custom security policy"""
return SecurityPolicy(
allowed_paths=["/your/paths"],
forbidden_commands=["dangerous", "commands"],
)
๐ง Troubleshooting
Common Issues
"Server appears to hang"
- This is normal! MCP servers run continuously and communicate via stdio.
- The server is waiting for MCP protocol messages.
"ModuleNotFoundError: No module named 'mcp'"
- Ensure you're using the virtual environment Python interpreter.
- Check your Claude Desktop config uses the full path to
.venv/bin/python3.
"SecurityViolation" errors
- Check if the path/command is allowed by your security policy.
- Review audit logs at
/tmp/ubuntu_mcp_audit.log.
- Consider using development policy for testing.
"Permission denied" errors
- Verify your user has access to the requested paths.
- Check file/directory permissions with
ls -la.
Debug Mode
python main.py --log-level DEBUG --policy secure
tail -f /tmp/ubuntu_mcp_audit.log
๐ค Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
Development Setup
- Fork the repository.
- Create a feature branch:
git checkout -b feature/amazing-feature.
- Make your changes with tests.
- Ensure all tests pass:
python main.py --test && python main.py --security-test.
- Submit a pull request.
Code Standards
- Follow PEP 8 style guidelines.
- Add type hints for all public functions.
- Include comprehensive docstrings.
- Write tests for new functionality.
- Maintain security-first principles.
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ Security Disclosure
If you discover a security vulnerability, please email [radjackbartok@proton.me] instead of creating a public issue. We take security seriously and will respond promptly.
๐ Acknowledgments
- Model Context Protocol team for the excellent protocol.
- Security researchers and the infosec community for best practices.
- Python security community for ongoing guidance.
๐ Roadmap
- [ ] Enhanced Logging: Structured JSON logging with more context.
- [ ] Container Support: Docker integration and container-aware policies.
- [ ] Network Tools: Safe networking utilities (ping, traceroute, etc.).
- [ ] Process Management: Safe process monitoring and control.
- [ ] Configuration UI: Web interface for policy management.
- [ ] Integration Tests: Comprehensive end-to-end testing.
- [ ] Performance Optimization: Caching and performance improvements.
- [ ] Multi-User Support: Role-based access controls.
๐ก Usage Tip
Start with the secure policy and gradually increase permissions as needed. It's easier to add permissions than to recover from a security incident!
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
