Labsco
pazuzu1w logo

Secure Ubuntu MCP Server

β˜… 38

from pazuzu1w

A security-focused MCP server for performing safe operations on an Ubuntu system, featuring robust security controls and audit logging.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeAdvanced setup

Secure Ubuntu MCP Server

πŸ”’ Security-First Model Context Protocol server for safe Ubuntu system operations

A hardened, production-ready Model Context Protocol (MCP) server that provides AI assistants with secure, controlled access to Ubuntu system operations. Built with comprehensive security controls, audit logging, and defense-in-depth principles.

License: MIT Python 3.9+ Security Focused MCP Compatible

✨ Key Features

πŸ›‘οΈ Security-First Architecture

  • Path traversal protection - Symlink resolution with allowlist/denylist controls
  • Command sanitization - Shell injection prevention with safe argument parsing
  • Resource limits - File size, execution timeouts, and output size controls
  • Comprehensive audit logging - All operations logged with user attribution
  • Defense in depth - Multiple security layers with fail-safe defaults

🎯 Core Capabilities

  • File Operations - Read, write, and list directories with permission validation
  • Command Execution - Safe shell command execution with whitelist/blacklist filtering
  • System Information - OS details, memory, and disk usage monitoring
  • Package Management - APT package search and listing (installation requires explicit config)

πŸ—οΈ Production Ready

  • Modular design with clear separation of concerns
  • Comprehensive error handling with meaningful error messages
  • Extensive test suite including security validation tests
  • Configurable policies for different use cases and environments
  • Zero-dependency security - Core security doesn't rely on external packages

πŸ”§ Integration

Claude Desktop

Getting Claude Desktop on Linux

Official Support: Claude Desktop doesn't officially support Linux, but the community has created solutions!

Recommended Method: Use the community Debian package by @aaddrick:

# Download and install Claude Desktop for Linux
wget https://github.com/aaddrick/claude-desktop-debian/releases/latest/download/claude-desktop_latest_amd64.deb
sudo dpkg -i claude-desktop_latest_amd64.deb
sudo apt-get install -f  # Fix any dependency issues

For other methods and troubleshooting, see: https://github.com/aaddrick/claude-desktop-debian

Configuration

Once Claude Desktop is installed, add to your configuration (~/.config/claude-desktop/claude_desktop_config.json):

{
  "mcpServers": {
    "secure-ubuntu": {
      "command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3",
      "args": ["/path/to/secure-ubuntu-mcp/main.py", "--policy", "secure"],
      "env": {
        "MCP_LOG_LEVEL": "INFO"
      }
    }
  }
}

⚠️ Important: Use absolute paths and the virtual environment Python interpreter

Verification: After restarting Claude Desktop, you should see "secure-ubuntu" listed as a connected server, and Claude will have access to system control tools.

Other MCP Clients

The server implements the standard MCP protocol and works with any MCP-compatible client:

# Example with mcp Python client
import asyncio
from mcp.client import ClientSession

async def example():
    # Connect to the server
    # Implementation depends on your MCP client
    pass

πŸ›‘οΈ Security Policies

Secure Policy (Default)

Recommended for production and untrusted environments:

  • Allowed Paths: ~/, /tmp, /var/tmp
  • Forbidden Paths: /etc, /root, /boot, /sys, /proc, /dev, /usr, /bin, /sbin
  • Command Whitelist: ls, cat, echo, pwd, whoami, date, find, grep, apt (search only)
  • Resource Limits: 1MB files, 15s timeouts, 256KB output
  • Sudo: Disabled
  • Shell Execution: Disabled (uses safe direct execution)

Development Policy

More permissive for development environments:

  • Additional Allowed Paths: /opt, /usr/local
  • Fewer Restrictions: Access to more system areas
  • Larger Limits: 10MB files, 60s timeouts, 1MB output
  • More Commands: Most development tools allowed
  • Sudo: Still disabled by default (can be enabled)

Custom Policies

Create your own security policy:

from main import SecurityPolicy

custom_policy = SecurityPolicy(
    allowed_paths=["/your/custom/paths"],
    forbidden_paths=["/sensitive/areas"],
    allowed_commands=["safe", "commands"],
    forbidden_commands=["dangerous", "commands"],
    max_command_timeout=30,
    allow_sudo=False,  # Use with extreme caution
    audit_actions=True
)

πŸ” Available Tools

File Operations

  • list_directory(path) - List directory contents with metadata
  • read_file(file_path) - Read file contents with size validation
  • write_file(file_path, content, create_dirs=False) - Write with atomic operations

System Operations

  • execute_command(command, working_dir=None) - Execute shell commands safely
  • get_system_info() - Get OS, memory, and disk information

Package Management

  • search_packages(query) - Search APT repositories
  • install_package(package_name) - Check package availability (listing only)

πŸ”’ Security Features

Protection Against Common Attacks

Path Traversal Prevention:

# These are all blocked:
../../../etc/passwd
/etc/passwd
/tmp/../etc/passwd
symlinks_to_sensitive_files

Command Injection Prevention:

# These are all blocked:
echo hello; rm -rf /
echo `cat /etc/passwd`
echo $(whoami)
ls | rm -rf /

Resource Exhaustion Protection:

  • File size limits prevent memory exhaustion
  • Execution timeouts prevent hanging processes
  • Output size limits prevent log flooding
  • Directory listing limits prevent enumeration attacks

Audit Trail

All operations are logged with:

  • User attribution
  • Timestamp and operation type
  • Full path resolution
  • Success/failure status
  • Security violation details

πŸ§ͺ Testing

Functionality Tests

# Test core functionality
python main.py --test

Security Validation

# Run comprehensive security tests
python main.py --security-test

Manual Testing

# Test MCP protocol directly
python test_client.py --simple

πŸ› οΈ Development

Adding New Tools

@mcp.tool("your_tool_name")
async def your_tool(param: str) -> str:
    """Tool description for AI assistant"""
    try:
        # Use controller methods for safe operations
        result = controller.safe_operation(param)
        return json.dumps(result, indent=2)
    except Exception as e:
        return json.dumps({"error": str(e)}, indent=2)

Extending Security

def create_custom_policy() -> SecurityPolicy:
    """Create a custom security policy"""
    return SecurityPolicy(
        allowed_paths=["/your/paths"],
        forbidden_commands=["dangerous", "commands"],
        # ... other settings
    )

🀝 Contributing

We welcome contributions! Please see our Contributing Guidelines for details.

Development Setup

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/amazing-feature
  3. Make your changes with tests
  4. Ensure all tests pass: python main.py --test && python main.py --security-test
  5. Submit a pull request

Code Standards

  • Follow PEP 8 style guidelines
  • Add type hints for all public functions
  • Include comprehensive docstrings
  • Write tests for new functionality
  • Maintain security-first principles

πŸ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ” Security Disclosure

If you discover a security vulnerability, please email [radjackbartok@proton.me] instead of creating a public issue. We take security seriously and will respond promptly.

πŸ™ Acknowledgments

  • Model Context Protocol team for the excellent protocol
  • Security researchers and the infosec community for best practices
  • Python security community for ongoing guidance

πŸ“ˆ Roadmap

  • Enhanced Logging - Structured JSON logging with more context
  • Container Support - Docker integration and container-aware policies
  • Network Tools - Safe networking utilities (ping, traceroute, etc.)
  • Process Management - Safe process monitoring and control
  • Configuration UI - Web interface for policy management
  • Integration Tests - Comprehensive end-to-end testing
  • Performance Optimization - Caching and performance improvements
  • Multi-User Support - Role-based access controls

Made for the security-conscious AI community

πŸ’‘ Pro Tip: Start with the secure policy and gradually increase permissions as needed. It's easier to add permissions than to recover from a security incident!