systemd-mcp
by openSUSE
Overview
Manages systemd units, inspects logs, reads system files, and retrieves man pages for Linux systems via Model Context Protocol.
Installation
go run systemd-mcp.goEnvironment Variables
- SYSTEMD_MCP_HTTP
- SYSTEMD_MCP_LOGFILE
- SYSTEMD_MCP_VERBOSE
- SYSTEMD_MCP_DEBUG
- SYSTEMD_MCP_LOG_JSON
- SYSTEMD_MCP_LIST_TOOLS
- SYSTEMD_MCP_ALLOW_WRITE
- SYSTEMD_MCP_ALLOW_READ
- SYSTEMD_MCP_AUTH_REGISTER
- SYSTEMD_MCP_ENABLED_TOOLS
- SYSTEMD_MCP_TIMEOUT
- SYSTEMD_MCP_NOAUTH
- SYSTEMD_MCP_INTERNAL_AGENT
Security Notes
The server is designed to run as root (or requests root privileges via `pkexec`), making any vulnerability critical. While it integrates `polkit` for granular authorization, the `--noauth` flag completely bypasses all security, giving any client full root control over `systemd` and the filesystem. The `get_file` tool allows reading arbitrary files as root, which is a significant risk. Although `exec.Command` is used to prevent basic command injection for `man` and `getfacl` arguments, the inherent power of the application at root level, especially with the `--noauth` option, poses substantial security concerns if not configured or used carefully.
Similar Servers
mcp-server-kubernetes
Provides a Model Context Protocol (MCP) server for managing Kubernetes clusters via kubectl and Helm commands.
cosmotop
System monitoring and information exposure via MCP protocol.
linux-mcp-server
A Model Context Protocol (MCP) server for read-only Linux system administration, diagnostics, and troubleshooting on RHEL-based systems.
prometheus-mcp
Provides a Model Context Protocol (MCP) interface and CLI tools for querying Prometheus metrics, including discovery, instant/range queries, and an optional metrics exporter.