Secure Ubuntu

an mcp server built to give claude config limited control over ubuntu os operations
  • python

24

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "pazuzu1w-ubuntu_mcp_server": {
      "command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3",
      "args": [
        "/path/to/secure-ubuntu-mcp/main.py",
        "--policy",
        "secure"
      ],
      "env": {
        "MCP_LOG_LEVEL": "INFO"
      }
    }
  }
}

You deploy a secure, production-ready MCP server that enables AI assistants to perform safe Ubuntu system operations. It enforces strong security policies, audit logging, and defense-in-depth controls so you can automate tasks while keeping the host safe and auditable.

How to use

Connect your MCP client to the secure MCP server and operate through policy-driven commands. Start with the secure policy to enforce strict path and command controls, then gradually expand permissions as you validate behavior. Use your client to request file read/write, directory listings, system information, and safe package management within the configured policy.

Typical usage patterns include: monitoring system health, reading configuration files, listing directories, and performing safe package searches. All actions are subject to the active security policy and audit logging so you can trace who did what and when.

To verify that the server is reachable and responding, connect with your MCP client and perform a basic health check or a simple read of a permitted file. Ensure the client adheres to the configured policy to avoid violations and audit events.

How to install

Prerequisites: you need an Ubuntu host (20.04 or newer) and Python 3.9 or higher. You also need standard Unix utilities like ls, cat, and echo.

Step 1: Create a working directory and set up a Python virtual environment.

Step 2: Install dependencies inside the virtual environment using pip.

Step 3: Run the server with the secure policy to start enforcing strict controls.

Configuration and security

Security is policy-driven. The default Secure Policy restricts paths, commands, and resource usage, and disables sudo and shell execution by default. You can create custom policies to fit your use case while maintaining auditability.

Environment variables and MCP configuration are used to control logging, policy selection, and server behavior. The example Claude Desktop integration shows how to expose the MCP server to a desktop client by referencing a local Python interpreter in a virtual environment.

Example environment variable for logging visibility:

# Example environment configuration
export MCP_LOG_LEVEL=INFO

Claude Desktop integration example

To connect Claude Desktop to the MCP server, configure Claude Desktop to load a connected server with the secure policy. Use an absolute path to your virtual environment Python interpreter and the main MCP script.

{
  "mcpServers": {
    "secure_ubuntu": {
      "command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3",
      "args": ["/path/to/secure-ubuntu-mcp/main.py", "--policy", "secure"],
      "env": {
        "MCP_LOG_LEVEL": "INFO"
      }
    }
  }
}

Troubleshooting tips

If you see a SecurityViolation, verify that the requested path and command are allowed by your active policy and review audit logs for details.

If the server seems unresponsive, remember that MCP servers run continuously and communicate via the MCP protocol. Ensure you are using the correct policy and that your client is correctly configured.

Available tools

list_directory

List directory contents with metadata and permissions checks.

read_file

Read file contents with size validation to prevent excessive memory usage.

write_file

Write content to a file with optional directory creation and atomic operations.

execute_command

Safely execute shell commands with policy-based filtering.

get_system_info

Provide OS details, memory, and disk usage information.

search_packages

Search APT repositories for package names and descriptions.

install_package

Check package availability for installation; lists only when using secure policy.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational