Provides secure access to Ubuntu system operations including file management, command execution, package installation, system information retrieval, and process management with configurable security controls.
Secure Ubuntu MCP Server
🔒 Security-First Model Context Protocol server for safe Ubuntu system operations
A hardened, production-ready Model Context Protocol (MCP) server that provides AI assistants with secure, controlled access to Ubuntu system operations. Built with comprehensive security controls, audit logging, and defense-in-depth principles.
✨ Key Features
🛡️ Security-First Architecture
Path traversal protection - Symlink resolution with allowlist/denylist controls
Command sanitization - Shell injection prevention with safe argument parsing
Resource limits - File size, execution timeouts, and output size controls
Comprehensive audit logging - All operations logged with user attribution
Defense in depth - Multiple security layers with fail-safe defaults
🎯 Core Capabilities
File Operations - Read, write, and list directories with permission validation
Command Execution - Safe shell command execution with whitelist/blacklist filtering
System Information - OS details, memory, and disk usage monitoring
Package Management - APT package search and listing (installation requires explicit config)
🏗️ Production Ready
Modular design with clear separation of concerns
Comprehensive error handling with meaningful error messages
Extensive test suite including security validation tests
Configurable policies for different use cases and environments
Zero-dependency security - Core security doesn't rely on external packages
🚀 Quick Start
Prerequisites
Ubuntu 18.04+ (tested on 20.04, 22.04, 24.04)
Python 3.9 or higher
Standard Unix utilities (ls, cat, echo, etc.)
Installation
Basic Usage
🔧 Integration
Claude Desktop
Getting Claude Desktop on Linux
Official Support: Claude Desktop doesn't officially support Linux, but the community has created solutions!
Recommended Method: Use the community Debian package by @aaddrick:
For other methods and troubleshooting, see: https://github.com/aaddrick/claude-desktop-debian
Configuration
Once Claude Desktop is installed, add the server to your configuration (~/.config/claude-desktop/claude_desktop_config.json):
⚠️ Important: Use absolute paths and the virtual environment Python interpreter
Verification: After restarting Claude Desktop, you should see "secure-ubuntu" listed as a connected server, and Claude will have access to system control tools.
Other MCP Clients
The server implements the standard MCP protocol and works with any MCP-compatible client:
🛡️ Security Policies
Secure Policy (Default)
Recommended for production and untrusted environments:
Allowed Paths: ~/, /tmp, /var/tmp
Forbidden Paths: /etc, /root, /boot, /sys, /proc, /dev, /usr, /bin, /sbin
Command Whitelist: ls, cat, echo, pwd, whoami, date, find, grep, apt (search only)
Resource Limits: 1MB files, 15s timeouts, 256KB output
Sudo: Disabled
Shell Execution: Disabled (uses safe direct execution)
Development Policy
More permissive for development environments:
Additional Allowed Paths: /opt, /usr/local
Fewer Restrictions: Access to more system areas
Larger Limits: 10MB files, 60s timeouts, 1MB output
More Commands: Most development tools allowed
Sudo: Still disabled by default (can be enabled)
Custom Policies
Create your own security policy:
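The policy sections above describe the secure and development policies as data (allowed and forbidden roots, size, timeout and output limits, sudo and shell switches) and say that path checks resolve symlinks before the allowlist/denylist is consulted. The following is an added example, not the project's own code, showing how such a policy can be modelled and how a custom one is derived from the secure default. It assumes one semantic the README does not state: when several roots match a resolved path, the most specific (longest) root decides, so the development policy's allowed /usr/local can coexist with the default forbidden /usr. The names SecurityPolicy, validate_path, is_allowed and demo_checks are hypothetical; the constructed scenario in demo_checks uses a scratch directory only.

```python
import os
import tempfile
from dataclasses import dataclass, replace

class SecurityViolation(Exception):
    """Raised when a request falls outside the active policy."""

@dataclass(frozen=True)
class SecurityPolicy:
    allowed_paths: tuple    # roots the assistant may read or write ("~" is expanded)
    forbidden_paths: tuple  # roots that are refused
    max_file_size: int      # bytes
    timeout_seconds: int
    max_output_size: int    # bytes
    allow_sudo: bool = False
    allow_shell: bool = False

# The README's default "secure" policy expressed as data.
SECURE_POLICY = SecurityPolicy(
    allowed_paths=("~/", "/tmp", "/var/tmp"),
    forbidden_paths=("/etc", "/root", "/boot", "/sys", "/proc", "/dev", "/usr", "/bin", "/sbin"),
    max_file_size=1024 * 1024, timeout_seconds=15, max_output_size=256 * 1024,
)

# Custom policy derived from the default with the README's development paths and limits
# (the README does not spell out the development forbidden list, so it is left unchanged).
DEV_POLICY = replace(
    SECURE_POLICY,
    allowed_paths=SECURE_POLICY.allowed_paths + ("/opt", "/usr/local"),
    max_file_size=10 * 1024 * 1024, timeout_seconds=60, max_output_size=1024 * 1024,
)

def _resolve(path, home):
    """Expand a leading '~', then resolve symlinks and '..' segments."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    return os.path.realpath(path)

def _is_under(path, root):
    root = root.rstrip("/") or "/"
    return path == root or path.startswith(root + "/")

def validate_path(policy, raw_path, home=None):
    """Return the resolved path if the most specific matching root allows it (assumption:
    the longest matching root decides, so ~/../../etc/passwd resolves under /etc and is refused)."""
    home = home or os.path.expanduser("~")
    resolved = _resolve(raw_path, home)
    best = None  # (length of the matching root, allowed?)
    for allowed, roots in ((False, policy.forbidden_paths), (True, policy.allowed_paths)):
        for root in roots:
            r = _resolve(root, home)
            if _is_under(resolved, r) and (best is None or len(r) > best[0]):
                best = (len(r), allowed)
    if best is None:
        raise SecurityViolation(f"{raw_path!r} resolves to {resolved}, outside every allowed path")
    if not best[1]:
        raise SecurityViolation(f"{raw_path!r} resolves to {resolved}, a forbidden path")
    return resolved

def is_allowed(policy, raw_path, home=None):
    try:
        validate_path(policy, raw_path, home)
        return True
    except SecurityViolation:
        return False

def read_file(policy, raw_path, home=None):
    """The size limit is checked before any content is loaded into memory."""
    path = validate_path(policy, raw_path, home)
    size = os.path.getsize(path)
    if size > policy.max_file_size:
        raise SecurityViolation(f"{path} is {size} bytes, limit is {policy.max_file_size}")
    with open(path, "rb") as fh:
        return fh.read().decode("utf-8", errors="replace")

def demo_checks():
    """Constructed scenario in a scratch directory: a symlink pointing at /etc is refused,
    and a custom policy with a 16-byte limit reads a small file but refuses a large one."""
    work = tempfile.mkdtemp()
    policy = replace(SECURE_POLICY, allowed_paths=(work,), max_file_size=16)
    link, small, big = (os.path.join(work, n) for n in ("cfg", "small.txt", "big.txt"))
    os.symlink("/etc", link)
    with open(small, "w") as fh:
        fh.write("hello")
    with open(big, "w") as fh:
        fh.write("x" * 1000)
    try:
        symlink_blocked = not is_allowed(policy, os.path.join(link, "passwd"))
        content = read_file(policy, small)
        try:
            read_file(policy, big)
            big_blocked = False
        except SecurityViolation:
            big_blocked = True
        return symlink_blocked, content, big_blocked
    finally:
        for p in (link, small, big):
            os.remove(p)
        os.rmdir(work)
```

Two points worth keeping in mind with a check of this shape: forbidden roots win ties, so a root listed on both sides is refused; and realpath() resolves the link before the file is opened, which leaves a window in which a symlink under an allowed directory can be swapped. A server that cares about that window opens the file and then compares fstat() of the descriptor with a fresh lstat() of the path, or opens with O_NOFOLLOW on the final component.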
🔍 Available Tools
File Operations
list_directory(path) - List directory contents with metadata
read_file(file_path) - Read file contents with size validation
write_file(file_path, content, create_dirs=False) - Write with atomic operations
System Operations
execute_command(command, working_dir=None) - Execute shell commands safely
get_system_info() - Get OS, memory, and disk information
Package Management
search_packages(query) - Search APT repositories
install_package(package_name) - Check package availability (listing only)
🔒 Security Features
Protection Against Common Attacks
Path Traversal Prevention:
Command Injection Prevention:
Resource Exhaustion Protection:
File size limits prevent memory exhaustion
Execution timeouts prevent hanging processes
Output size limits prevent log flooding
Directory listing limits prevent enumeration attacks
Audit Trail
All operations are logged with:
User attribution
Timestamp and operation type
Full path resolution
Success/failure status
Security violation details
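The Command Injection Prevention, Resource Exhaustion Protection and Audit Trail items above describe three controls that belong together in the execution path: a whitelist checked on safely parsed arguments with no shell involved, a timeout and output cap, and an audit record for every call whether it succeeded, failed or was refused. The following is an added example of that path, not the project's own execute_command. It assumes the README's default whitelist and limits, that "apt (search only)" means the read-only subcommands listed in APT_READ_ONLY, and that the audit log is JSON lines; the function names and the requests in demo() are constructed for illustration.

```python
import json
import os
import shlex
import shutil
import subprocess
import tempfile
import time
from datetime import datetime, timezone

class SecurityViolation(Exception):
    """Raised when a command is refused by policy or exceeds a limit."""

# Whitelist and limits of the README's default secure policy.
ALLOWED_COMMANDS = frozenset({"ls", "cat", "echo", "pwd", "whoami", "date", "find", "grep", "apt"})
APT_READ_ONLY = frozenset({"search", "list", "show"})  # assumption: what "apt (search only)" permits
TIMEOUT_SECONDS = 15
MAX_OUTPUT_BYTES = 256 * 1024
# No shell is ever invoked, so these would reach the program as literal bytes; they are
# refused anyway (defense in depth) so that a request cannot even look like shell syntax.
SHELL_METACHARS = set(";|&$<>`\n")

def sanitize_command(command):
    """Parse with POSIX quoting rules (shlex, no shell) and enforce the whitelist."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. an unbalanced quote
        raise SecurityViolation(f"unparseable command: {exc}")
    if not argv:
        raise SecurityViolation("empty command")
    name = argv[0]
    if "/" in name:  # "/some/dir/ls" must not pass as "ls"; the binary is taken from PATH
        raise SecurityViolation("command must be a bare name")
    if name not in ALLOWED_COMMANDS:
        raise SecurityViolation(f"command {name!r} is not whitelisted")
    for token in argv:
        if SHELL_METACHARS & set(token):
            raise SecurityViolation(f"shell metacharacter in {token!r}")
    if name == "apt" and (len(argv) < 2 or argv[1] not in APT_READ_ONLY):
        raise SecurityViolation("apt is limited to read-only subcommands")
    return argv

def _current_user():
    return os.environ.get("USER") or os.environ.get("LOGNAME") or f"uid:{os.getuid()}"

def write_audit(record, audit_path):
    """One JSON object per line so the log can be parsed back or shipped to a SIEM."""
    with open(audit_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record, sort_keys=True) + "\n")

def read_audit(audit_path):
    with open(audit_path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]

def execute_command(command, working_dir=None, audit_path="/tmp/ubuntu_mcp_audit.log",
                    timeout=TIMEOUT_SECONDS, max_output=MAX_OUTPUT_BYTES):
    """Run a whitelisted command with shell=False, a timeout and an output cap; always audit."""
    record = {
        "user": _current_user(),
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "operation": "execute_command",
        "command": command,
        "working_dir": os.path.realpath(working_dir) if working_dir else None,
    }
    started = time.monotonic()
    try:
        argv = sanitize_command(command)
        exe = shutil.which(argv[0])
        if exe is None:
            raise SecurityViolation(f"{argv[0]!r} not found on PATH")
        # subprocess.run kills the child when the timeout expires.
        proc = subprocess.run([exe, *argv[1:]], cwd=working_dir, capture_output=True,
                              timeout=timeout, shell=False, check=False)
        # Output is buffered in full before the cap applies; a production server
        # would read the pipe in chunks and stop at max_output.
        truncated = len(proc.stdout) > max_output
        record.update(status="success" if proc.returncode == 0 else "failure",
                      exit_code=proc.returncode, truncated=truncated)
        return {"stdout": proc.stdout[:max_output].decode("utf-8", "replace"),
                "stderr": proc.stderr[:max_output].decode("utf-8", "replace"),
                "exit_code": proc.returncode, "truncated": truncated}
    except subprocess.TimeoutExpired:
        record.update(status="failure", violation=f"timeout after {timeout}s")
        raise SecurityViolation(f"command exceeded the {timeout}s timeout")
    except SecurityViolation as exc:
        record.update(status="failure", violation=str(exc))
        raise
    finally:
        record["duration_ms"] = round((time.monotonic() - started) * 1000)
        write_audit(record, audit_path)

def demo():
    """Constructed scenario: one allowed command, several refused requests, then the audit trail."""
    fd, audit_path = tempfile.mkstemp(suffix=".jsonl")
    os.close(fd)
    attempts = ("echo hi; whoami", "cat notes.txt | grep TODO", "echo $(whoami)",
                "sudo apt install curl", "apt install curl")
    try:
        result = execute_command("echo hello world", audit_path=audit_path)
        refused = []
        for attempt in attempts:
            try:
                execute_command(attempt, audit_path=audit_path)
            except SecurityViolation as exc:
                refused.append(str(exc))
        return result["stdout"].strip(), refused, read_audit(audit_path)
    finally:
        os.remove(audit_path)
```

Two caveats a reviewer would raise. A whitelist of names bounds which program runs, not what it does: find and cat still act on whatever paths their arguments name, so the path policy and size limits have to be applied to those arguments as well, not only to the file tools. And the README's audit log lives under /tmp, which any local user can write to; an append-only file under a directory the server alone owns, or forwarding the JSON lines off-host, keeps the trail useful after an incident.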
🧪 Testing
Functionality Tests
Security Validation
Manual Testing
📊 Example Usage
Once integrated with an AI assistant:
System Monitoring:
"Check my system status and disk space"
File Management:
"List the files in my home directory and show me the largest ones"
Development Tasks:
"Check if Python is installed and show me the version"
Log Analysis:
"Look for any error files in my project directory"
⚙️ Configuration
Environment Variables
MCP_LOG_LEVEL - Logging level (DEBUG, INFO, WARNING, ERROR)
MCP_POLICY - Security policy (secure, dev)
MCP_CONFIG_PATH - Path to custom configuration file
Configuration File
Create config.json
for custom settings:
🛠️ Development
Adding New Tools
Extending Security
🔧 Troubleshooting
Common Issues
"Server appears to hang"
This is normal! MCP servers run continuously and communicate via stdio
The server is waiting for MCP protocol messages
"ModuleNotFoundError: No module named 'mcp'"
Ensure you're using the virtual environment Python interpreter
Check that your Claude Desktop config uses the full path to .venv/bin/python3
"SecurityViolation" errors
Check if the path/command is allowed by your security policy
Review the audit log at /tmp/ubuntu_mcp_audit.log
Consider using development policy for testing
"Permission denied" errors
Verify your user has access to the requested paths
Check file/directory permissions with ls -la
Debug Mode
🤝 Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
Development Setup
Fork the repository
Create a feature branch:
git checkout -b feature/amazing-feature
Make your changes with tests
Ensure all tests pass:
python main.py --test && python main.py --security-test
Submit a pull request
Code Standards
Follow PEP 8 style guidelines
Add type hints for all public functions
Include comprehensive docstrings
Write tests for new functionality
Maintain security-first principles
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🔐 Security Disclosure
If you discover a security vulnerability, please email radjackbartok@proton.me instead of creating a public issue. We take security seriously and will respond promptly.
🙏 Acknowledgments
Model Context Protocol team for the excellent protocol
Security researchers and the infosec community for best practices
Python security community for ongoing guidance
📈 Roadmap
Enhanced Logging - Structured JSON logging with more context
Container Support - Docker integration and container-aware policies
Network Tools - Safe networking utilities (ping, traceroute, etc.)
Process Management - Safe process monitoring and control
Configuration UI - Web interface for policy management
Integration Tests - Comprehensive end-to-end testing
Performance Optimization - Caching and performance improvements
Multi-User Support - Role-based access controls
Made for the security-conscious AI community
💡 Pro Tip: Start with the secure policy and gradually increase permissions as needed. It's easier to add permissions than to recover from a security incident!