Skip to main content
Glama

Ubuntu MCP Server

by pazuzu1w

Secure Ubuntu MCP Server

🔒 Security-First Model Context Protocol server for safe Ubuntu system operations

A hardened, production-ready Model Context Protocol (MCP) server that provides AI assistants with secure, controlled access to Ubuntu system operations. Built with comprehensive security controls, audit logging, and defense-in-depth principles.

✨ Key Features

🛡️ Security-First Architecture

  • Path traversal protection - Symlink resolution with allowlist/denylist controls
  • Command sanitization - Shell injection prevention with safe argument parsing
  • Resource limits - File size, execution timeouts, and output size controls
  • Comprehensive audit logging - All operations logged with user attribution
  • Defense in depth - Multiple security layers with fail-safe defaults

🎯 Core Capabilities

  • File Operations - Read, write, and list directories with permission validation
  • Command Execution - Safe shell command execution with whitelist/blacklist filtering
  • System Information - OS details, memory, and disk usage monitoring
  • Package Management - APT package search and listing (installation requires explicit config)

🏗️ Production Ready

  • Modular design with clear separation of concerns
  • Comprehensive error handling with meaningful error messages
  • Extensive test suite including security validation tests
  • Configurable policies for different use cases and environments
  • Zero-dependency security - Core security doesn't rely on external packages

🚀 Quick Start

Prerequisites

  • Ubuntu 18.04+ (tested on 20.04, 22.04, 24.04)
  • Python 3.9 or higher
  • Standard Unix utilities (ls, cat, echo, etc.)

Installation

# Clone the repository git clone https://github.com/yourusername/secure-ubuntu-mcp.git cd secure-ubuntu-mcp # Create and activate virtual environment python3 -m venv .venv source .venv/bin/activate # Install dependencies pip install -r requirements.txt # Verify installation with built-in tests python main.py --test

Basic Usage

# Start with secure policy (recommended) python main.py --policy secure # Start with development policy (more permissive) python main.py --policy dev # Test security measures python main.py --security-test

🔧 Integration

Claude Desktop

Getting Claude Desktop on Linux

Official Support: Claude Desktop doesn't officially support Linux, but the community has created solutions!

Recommended Method: Use the community Debian package by @aaddrick:

# Download and install Claude Desktop for Linux wget https://github.com/aaddrick/claude-desktop-debian/releases/latest/download/claude-desktop_latest_amd64.deb sudo dpkg -i claude-desktop_latest_amd64.deb sudo apt-get install -f # Fix any dependency issues

For other methods and troubleshooting, see: https://github.com/aaddrick/claude-desktop-debian

Configuration

Once Claude Desktop is installed, add to your configuration (~/.config/claude-desktop/claude_desktop_config.json):

{ "mcpServers": { "secure-ubuntu": { "command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3", "args": ["/path/to/secure-ubuntu-mcp/main.py", "--policy", "secure"], "env": { "MCP_LOG_LEVEL": "INFO" } } } }

⚠️ Important: Use absolute paths and the virtual environment Python interpreter

Verification: After restarting Claude Desktop, you should see "secure-ubuntu" listed as a connected server, and Claude will have access to system control tools.

Other MCP Clients

The server implements the standard MCP protocol and works with any MCP-compatible client:

# Example with mcp Python client import asyncio from mcp.client import ClientSession async def example(): # Connect to the server # Implementation depends on your MCP client pass

🛡️ Security Policies

Secure Policy (Default)

Recommended for production and untrusted environments:

  • Allowed Paths: ~/, /tmp, /var/tmp
  • Forbidden Paths: /etc, /root, /boot, /sys, /proc, /dev, /usr, /bin, /sbin
  • Command Whitelist: ls, cat, echo, pwd, whoami, date, find, grep, apt (search only)
  • Resource Limits: 1MB files, 15s timeouts, 256KB output
  • Sudo: Disabled
  • Shell Execution: Disabled (uses safe direct execution)

Development Policy

More permissive for development environments:

  • Additional Allowed Paths: /opt, /usr/local
  • Fewer Restrictions: Access to more system areas
  • Larger Limits: 10MB files, 60s timeouts, 1MB output
  • More Commands: Most development tools allowed
  • Sudo: Still disabled by default (can be enabled)

Custom Policies

Create your own security policy:

from main import SecurityPolicy custom_policy = SecurityPolicy( allowed_paths=["/your/custom/paths"], forbidden_paths=["/sensitive/areas"], allowed_commands=["safe", "commands"], forbidden_commands=["dangerous", "commands"], max_command_timeout=30, allow_sudo=False, # Use with extreme caution audit_actions=True )

🔍 Available Tools

File Operations

  • list_directory(path) - List directory contents with metadata
  • read_file(file_path) - Read file contents with size validation
  • write_file(file_path, content, create_dirs=False) - Write with atomic operations

System Operations

  • execute_command(command, working_dir=None) - Execute shell commands safely
  • get_system_info() - Get OS, memory, and disk information

Package Management

  • search_packages(query) - Search APT repositories
  • install_package(package_name) - Check package availability (listing only)

🔒 Security Features

Protection Against Common Attacks

Path Traversal Prevention:

# These are all blocked: ../../../etc/passwd /etc/passwd /tmp/../etc/passwd symlinks_to_sensitive_files

Command Injection Prevention:

# These are all blocked: echo hello; rm -rf / echo `cat /etc/passwd` echo $(whoami) ls | rm -rf /

Resource Exhaustion Protection:

  • File size limits prevent memory exhaustion
  • Execution timeouts prevent hanging processes
  • Output size limits prevent log flooding
  • Directory listing limits prevent enumeration attacks

Audit Trail

All operations are logged with:

  • User attribution
  • Timestamp and operation type
  • Full path resolution
  • Success/failure status
  • Security violation details

🧪 Testing

Functionality Tests

# Test core functionality python main.py --test

Security Validation

# Run comprehensive security tests python main.py --security-test

Manual Testing

# Test MCP protocol directly python test_client.py --simple

📊 Example Usage

Once integrated with an AI assistant:

System Monitoring:

"Check my system status and disk space"

File Management:

"List the files in my home directory and show me the largest ones"

Development Tasks:

"Check if Python is installed and show me the version"

Log Analysis:

"Look for any error files in my project directory"

⚙️ Configuration

Environment Variables

  • MCP_LOG_LEVEL - Logging level (DEBUG, INFO, WARNING, ERROR)
  • MCP_POLICY - Security policy (secure, dev)
  • MCP_CONFIG_PATH - Path to custom configuration file

Configuration File

Create config.json for custom settings:

{ "server": { "name": "secure-ubuntu-controller", "version": "1.0.0", "log_level": "INFO" }, "security": { "policy_name": "secure", "allowed_paths": ["~/", "/tmp"], "max_command_timeout": 30, "allow_sudo": false, "audit_actions": true } }

🛠️ Development

Adding New Tools

@mcp.tool("your_tool_name") async def your_tool(param: str) -> str: """Tool description for AI assistant""" try: # Use controller methods for safe operations result = controller.safe_operation(param) return json.dumps(result, indent=2) except Exception as e: return json.dumps({"error": str(e)}, indent=2)

Extending Security

def create_custom_policy() -> SecurityPolicy: """Create a custom security policy""" return SecurityPolicy( allowed_paths=["/your/paths"], forbidden_commands=["dangerous", "commands"], # ... other settings )

🔧 Troubleshooting

Common Issues

"Server appears to hang"

  • This is normal! MCP servers run continuously and communicate via stdio
  • The server is waiting for MCP protocol messages

"ModuleNotFoundError: No module named 'mcp'"

  • Ensure you're using the virtual environment Python interpreter
  • Check your Claude Desktop config uses the full path to .venv/bin/python3

"SecurityViolation" errors

  • Check if the path/command is allowed by your security policy
  • Review audit logs at /tmp/ubuntu_mcp_audit.log
  • Consider using development policy for testing

"Permission denied" errors

  • Verify your user has access to the requested paths
  • Check file/directory permissions with ls -la

Debug Mode

# Enable verbose logging python main.py --log-level DEBUG --policy secure # Check audit logs tail -f /tmp/ubuntu_mcp_audit.log

🤝 Contributing

We welcome contributions! Please see our Contributing Guidelines for details.

Development Setup

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/amazing-feature
  3. Make your changes with tests
  4. Ensure all tests pass: python main.py --test && python main.py --security-test
  5. Submit a pull request

Code Standards

  • Follow PEP 8 style guidelines
  • Add type hints for all public functions
  • Include comprehensive docstrings
  • Write tests for new functionality
  • Maintain security-first principles

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🔐 Security Disclosure

If you discover a security vulnerability, please email [radjackbartok@proton.me] instead of creating a public issue. We take security seriously and will respond promptly.

🙏 Acknowledgments

  • Model Context Protocol team for the excellent protocol
  • Security researchers and the infosec community for best practices
  • Python security community for ongoing guidance

📈 Roadmap

  • Enhanced Logging - Structured JSON logging with more context
  • Container Support - Docker integration and container-aware policies
  • Network Tools - Safe networking utilities (ping, traceroute, etc.)
  • Process Management - Safe process monitoring and control
  • Configuration UI - Web interface for policy management
  • Integration Tests - Comprehensive end-to-end testing
  • Performance Optimization - Caching and performance improvements
  • Multi-User Support - Role-based access controls

Made for the security-conscious AI community

💡 Pro Tip: Start with the secure policy and gradually increase permissions as needed. It's easier to add permissions than to recover from a security incident!

Related MCP Servers

  • -
    security
    A
    license
    -
    quality
    A secure server that enables AI applications to execute shell commands in specified directories, supporting multiple shell types (bash, sh, cmd, powershell) with built-in security features like directory isolation and timeout control.
    Last updated -
    10
    Python
    Apache 2.0
    • Linux
    • Apple
  • A
    security
    A
    license
    A
    quality
    A Model Context Protocol server that enables AI clients to interact with virtual Ubuntu desktops, allowing them to browse the web, run code, and control instances through mouse/keyboard actions and bash commands.
    Last updated -
    5
    14
    JavaScript
    MIT License
  • -
    security
    A
    license
    -
    quality
    A server that enables AI assistants to understand and interact with Unity projects in real-time, providing access to scene hierarchy, project settings, and the ability to execute code directly in the Unity Editor.
    Last updated -
    78
    MIT License
    • Linux
    • Apple
  • -
    security
    A
    license
    -
    quality
    A server that enables AI assistants like Claude to safely run Python code and access websites, processing data for better AI understanding while providing helpful error messages.
    Last updated -
    3
    Python
    GPL 3.0
    • Linux
    • Apple

View all related MCP servers

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/pazuzu1w/ubuntu_mcp_server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server