ubuntu_mcp_server
An MCP server built to give Claude config-limited control over Ubuntu OS operations.
```bash
claude mcp add --transport stdio pazuzu1w-ubuntu_mcp_server python main.py \
  --env MCP_POLICY="secure" \
  --env MCP_LOG_LEVEL="INFO"
```
How to use
This MCP server provides a security-first interface for performing safe Ubuntu system operations via the MCP protocol. It exposes capabilities for secure file operations (read, list, write with validation), guarded system command execution (through a whitelist/blacklist approach and safe argument parsing), system information retrieval (OS details, memory, disk usage), and basic package management (APT search and listing). The server enforces policy-based restrictions, audit logging, and defense-in-depth controls to minimize risk when interacting with the host.
To use it, connect an MCP client to the server (the endpoint is defined by your deployment) and issue the standard MCP commands to read files, list directories, run permitted commands, or query system information. The controller applies the configured security policy by validating paths, commands, and resource usage before performing any action. You can also tailor the behavior by adjusting policies and environment variables, such as setting the logging level or selecting a policy profile (secure by default).
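The kind of pre-execution check described above (command allowlist/denylist, safe argument parsing, path validation) can be sketched as follows. This is an added example, not the project's own code; the policy values and the names `validate_command`, `resolve_allowed_path` and `PolicyViolation` are assumptions made for illustration.

```python
import os
import shlex

# Hypothetical policy values; the server's real policy format is not shown on this page.
ALLOWED_COMMANDS = {"ls", "cat", "df", "uname"}
DENIED_COMMANDS = {"rm", "dd", "mkfs", "sudo"}
ALLOWED_ROOTS = ("/tmp", "/var/log")
SHELL_METACHARS = set(";|&`$<>\n")


class PolicyViolation(Exception):
    """Raised when a request falls outside the configured policy."""


def resolve_allowed_path(path, roots=ALLOWED_ROOTS):
    """Canonicalize path (collapsing '..' and symlinks) and require it under a root."""
    real = os.path.realpath(path)
    for root in roots:
        real_root = os.path.realpath(root)
        if os.path.commonpath([real, real_root]) == real_root:
            return real
    raise PolicyViolation(f"path outside allowed roots: {path!r}")


def validate_command(command_line):
    """Return an argv list suitable for subprocess.run(argv, shell=False)."""
    if SHELL_METACHARS & set(command_line):
        raise PolicyViolation("shell metacharacters are not permitted")
    try:
        argv = shlex.split(command_line)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PolicyViolation(f"unparseable command: {exc}") from exc
    if not argv:
        raise PolicyViolation("empty command")
    name = argv[0]
    # Bare names only: an explicit path could point at a look-alike binary.
    if "/" in name or name in DENIED_COMMANDS or name not in ALLOWED_COMMANDS:
        raise PolicyViolation(f"command not permitted: {name!r}")
    # Simplification: every non-option argument is treated as a path operand.
    # Options that embed paths (--file=/x) would need per-command rules.
    return [name] + [a if a.startswith("-") else resolve_allowed_path(a)
                     for a in argv[1:]]
```

The returned list is meant to be executed without a shell, so the canonical paths that were checked are the ones the command actually receives.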
How to install
Prerequisites
- Ubuntu 18.04+ (tested on 20.04, 22.04, 24.04)
- Python 3.9+
- Git
- Basic build tools (optional for some environments)

Step-by-step installation
1) Clone the repository
```bash
git clone https://github.com/yourusername/secure-ubuntu-mcp.git
cd secure-ubuntu-mcp
```
2) Create and activate a virtual environment
```bash
python3 -m venv .venv
source .venv/bin/activate
```
3) Install dependencies
```bash
pip install -r requirements.txt
```
4) Run built-in tests (optional)
```bash
python main.py --test
```
5) Start the MCP server
```bash
python main.py --policy secure
```
Additional notes
Environment and configuration tips:
- Use absolute paths in any client configuration or integration to avoid path resolution issues.
- Configure MCP_LOG_LEVEL to control verbosity during debugging.
- If you need dev-mode access for testing, switch MCP_POLICY to dev but ensure you switch back to secure in production.
- Ensure the host system has appropriate permissions and auditing enabled so all MCP actions are logged.
- If running behind containers or orchestrators, map volumes for persistent logs and ensure the Python interpreter path matches the virtual environment being used.
- Review and adjust the security policy (paths, commands, timeouts, and output limits) to fit your environment and threat model.