- Home
- MCP servers
- Secure Ubuntu
Secure Ubuntu
- python
24
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"pazuzu1w-ubuntu_mcp_server": {
"command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3",
"args": [
"/path/to/secure-ubuntu-mcp/main.py",
"--policy",
"secure"
],
"env": {
"MCP_LOG_LEVEL": "INFO"
}
}
}
}You deploy a secure, production-ready MCP server that enables AI assistants to perform safe Ubuntu system operations. It enforces strong security policies, audit logging, and defense-in-depth controls so you can automate tasks while keeping the host safe and auditable.
How to use
Connect your MCP client to the secure MCP server and operate through policy-driven commands. Start with the secure policy to enforce strict path and command controls, then gradually expand permissions as you validate behavior. Use your client to request file read/write, directory listings, system information, and safe package management within the configured policy.
Typical usage patterns include: monitoring system health, reading configuration files, listing directories, and performing safe package searches. All actions are subject to the active security policy and audit logging so you can trace who did what and when.
To verify that the server is reachable and responding, connect with your MCP client and perform a basic health check or a simple read of a permitted file. Ensure the client adheres to the configured policy to avoid violations and audit events.
How to install
Prerequisites: you need an Ubuntu host (20.04 or newer) and Python 3.9 or higher. You also need standard Unix utilities like ls, cat, and echo.
Step 1: Create a working directory and set up a Python virtual environment.
Step 2: Install dependencies inside the virtual environment using pip.
Step 3: Run the server with the secure policy to start enforcing strict controls.
Configuration and security
Security is policy-driven. The default Secure Policy restricts paths, commands, and resource usage, and disables sudo and shell execution by default. You can create custom policies to fit your use case while maintaining auditability.
Environment variables and MCP configuration are used to control logging, policy selection, and server behavior. The example Claude Desktop integration shows how to expose the MCP server to a desktop client by referencing a local Python interpreter in a virtual environment.
Example environment variable for logging visibility:
# Example environment configuration
export MCP_LOG_LEVEL=INFO
Claude Desktop integration example
To connect Claude Desktop to the MCP server, configure Claude Desktop to load a connected server with the secure policy. Use an absolute path to your virtual environment Python interpreter and the main MCP script.
{
"mcpServers": {
"secure_ubuntu": {
"command": "/path/to/secure-ubuntu-mcp/.venv/bin/python3",
"args": ["/path/to/secure-ubuntu-mcp/main.py", "--policy", "secure"],
"env": {
"MCP_LOG_LEVEL": "INFO"
}
}
}
}
Troubleshooting tips
If you see a SecurityViolation, verify that the requested path and command are allowed by your active policy and review audit logs for details.
If the server seems unresponsive, remember that MCP servers run continuously and communicate via the MCP protocol. Ensure you are using the correct policy and that your client is correctly configured.
Available tools
list_directory
List directory contents with metadata and permissions checks.
read_file
Read file contents with size validation to prevent excessive memory usage.
write_file
Write content to a file with optional directory creation and atomic operations.
execute_command
Safely execute shell commands with policy-based filtering.
get_system_info
Provide OS details, memory, and disk usage information.
search_packages
Search APT repositories for package names and descriptions.
install_package
Check package availability for installation; lists only when using secure policy.