Skip to main content
hc
Submit
mcpSource-backedReview first Safety Privacy

Linux MCP Server for Claude

Run Linux system diagnostics from Claude — inspect CPU, memory, disk, network, services, processes, and journal logs — with the official Linux MCP Server from Red Hat's RHEL Lightspeed team, supporting both local and remote SSH-connected hosts.

by Red Hat RHEL Lightspeed·added 2026-06-18·
Claude CodeCodexCursorClaude Desktop
HarnessClaude CodeCodexCursorClaude Desktop
Review first review before installing

Open the source and read safety notes before installing.

Safety notes

  • The default `fixed` toolset is read-only — no changes are made to the system; only diagnostic information is retrieved.
  • Set `LINUX_MCP_TOOLSET=run_script` to enable script execution — this allows arbitrary command execution on the host; only enable in trusted environments.
  • For remote hosts, `LINUX_MCP_SSH_KEY_PATH` is used for key-based SSH authentication — ensure the key is protected with appropriate permissions.

Privacy notes

  • System information including hostname, OS release, CPU model, active network connections, service names, process names, and journal log content are surfaced in Claude's context.
  • Journal logs may contain sensitive application data — scope `LINUX_MCP_ALLOWED_LOG_PATHS` to limit which logs are readable.

Prerequisites

  • A Linux system running locally or accessible via SSH.
  • Python with `uvx` available.
  • An MCP client such as Claude Code or Claude Desktop.

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
5 minutes
Difficulty
beginner
Tool listing metadata
Full copyable content
{
  "mcpServers": {
    "linux": {
      "command": "uvx",
      "args": ["linux-mcp-server"]
    }
  }
}

About this resource

Overview

The Linux MCP Server is the official Model Context Protocol server from Red Hat's RHEL Lightspeed team, giving Claude read-only access to Linux system diagnostics. It covers system information, CPU, memory, disk usage, network connections, systemd services, journal logs, and running processes — for both local and SSH-connected remote hosts. Licensed under Apache-2.0.

The default fixed toolset is strictly read-only. An optional run_script toolset enables arbitrary command execution when needed for advanced diagnostics.

Key capabilities

  • System info — hostname, OS release, kernel version, uptime.
  • CPU & memory — CPU model, core count, load averages, memory usage.
  • Disk — filesystem mount point usage and capacity.
  • Services — list all systemd units, get status of specific services.
  • Journal logs — retrieve recent logs filtered by service or unit.
  • Processes — list running processes sorted by CPU or memory.
  • Network — active network connections and listening ports.
  • Remote hosts — SSH key-based connections for remote system diagnostics.

Tools

Tool Purpose
system_info Hostname, OS release, kernel, uptime
cpu_info CPU model, core count, load averages
memory_info Memory usage via free
disk_usage Filesystem mount point usage
list_services All systemctl service units
service_status Status of a specific service
service_logs Recent journal logs for a service
journal_logs Filtered systemd journal queries
list_processes Running processes sorted by CPU
network_connections Active network connections

Configuration options

Env var Default Purpose
LINUX_MCP_TOOLSET fixed fixed (read-only), run_script, or both
LINUX_MCP_SSH_KEY_PATH SSH private key for remote hosts
LINUX_MCP_KEY_PASSPHRASE SSH key passphrase
LINUX_MCP_ALLOWED_LOG_PATHS Comma-separated allowed log file paths
LINUX_MCP_COMMAND_TIMEOUT 30 Command timeout in seconds
LINUX_MCP_TRANSPORT stdio stdio, http, or streamable-http

How it compares

Server Read-only mode Remote SSH systemd Journal logs Notes
Linux MCP Yes (default) Yes Yes Yes Official, RHEL-backed
Desktop Commander No No No No Full shell access
CLI MCP Server No No No No General command runner

Linux MCP is the only system diagnostics MCP with a read-only default mode, SSH remote support, and native systemd/journal integration from an enterprise Linux vendor.

Installation

Claude Code (local)

claude mcp add linux -- uvx linux-mcp-server

Claude Code (remote SSH host)

claude mcp add linux \
  -e LINUX_MCP_SSH_KEY_PATH=/path/to/private-key \
  -- uvx linux-mcp-server

Claude Desktop

{
  "mcpServers": {
    "linux": {
      "command": "uvx",
      "args": ["linux-mcp-server"]
    }
  }
}

Requirements

  • A Linux system (local or remote via SSH).
  • Python with uvx (from uv).
  • An MCP client (Claude Code or Claude Desktop).

Security

  • The default fixed toolset is read-only — no system modifications are possible.
  • Only enable run_script toolset if you need arbitrary command execution and trust the Claude session completely.
  • Restrict readable log paths with LINUX_MCP_ALLOWED_LOG_PATHS in production environments.

Source Verification Notes

Verified on 2026-06-18:

  • Official repository rhel-lightspeed/linux-mcp-server (Apache-2.0) on PyPI as linux-mcp-server documents the uvx install, all diagnostic tools (system_info, cpu_info, memory_info, disk_usage, list_services, service_status, service_logs, journal_logs, list_processes, network_connections), the fixed/run_script/both toolset modes, SSH remote configuration, and optional env vars.
  • Claude Code MCP documentation at code.claude.com/docs/en/mcp describes the stdio connector pattern used above.
#linux#devops#sysadmin#rhel#systemd#diagnostics#monitoring

Source citations

Add this badge to your README

Show that Linux MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/linux-mcp-server.svg)](https://heyclau.de/entry/mcp/linux-mcp-server)

How it compares

Linux MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

FieldLinux MCP Server for Claude

Run Linux system diagnostics from Claude — inspect CPU, memory, disk, network, services, processes, and journal logs — with the official Linux MCP Server from Red Hat's RHEL Lightspeed team, supporting both local and remote SSH-connected hosts.

Open dossier 		ConfigCat MCP Server for Claude

Manage ConfigCat feature flags from Claude — create, update, and delete flags and targeting rules, manage environments, find and clean up stale flags, and audit change history — with the official ConfigCat MCP server and its 52 tools for the full ConfigCat Management API.

Open dossier 		OpenTelemetry MCP Server for Claude

Analyze distributed traces and LLM observability data from Claude — search traces and spans, find errors, list services, analyze LLM token usage, identify slow LLM operations, and discover AI model usage patterns — with the OpenTelemetry MCP server supporting Jaeger, Grafana Tempo, and Traceloop backends.

Open dossier 		Radar MCP Server

Built-in HTTP MCP server for Radar, the local-first Kubernetes UI that gives Claude token-optimized cluster topology, health, events, logs, audit, RBAC, GitOps, workload, and resource-management tools.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categorymcpmcpmcpmcp
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorRed Hat RHEL LightspeedConfigCatTraceloopSkyhook
Added2026-06-182026-06-182026-06-182026-06-06
Platforms
Claude CodeCodexCursorClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesThe default `fixed` toolset is read-only — no changes are made to the system; only diagnostic information is retrieved. Set `LINUX_MCP_TOOLSET=run_script` to enable script execution — this allows arbitrary command execution on the host; only enable in trusted environments. For remote hosts, `LINUX_MCP_SSH_KEY_PATH` is used for key-based SSH authentication — ensure the key is protected with appropriate permissions.Tools can create, update, and delete feature flags, targeting rules, environments, and segments — changes affect live feature flag configuration. Use `list-staleflags` before deleting flags to identify zombie flags and avoid breaking active SDKs.All tools are read-only — the server queries trace data but does not modify your application or tracing backend. Trace data may contain sensitive information (request parameters, user IDs, SQL queries) — ensure Claude has appropriate access to this data.Radar MCP can inspect live Kubernetes resources, topology, warning events, logs, metrics, package inventory, audit findings, RBAC permissions, Helm releases, ArgoCD resources, and FluxCD resources. The MCP implementation includes mutating tools for applying YAML, patching resources, restarting or scaling workloads, triggering or suspending CronJobs, managing GitOps resources, and cordoning, uncordoning, or draining nodes. Mutating tools are RBAC-enforced and annotated as destructive-capable, but clients and operators should still require human review before running them. `apply_resource` with forced ownership can take server-side-apply fields from other managers such as Helm or GitOps controllers. `manage_node drain` can evict pods and affect live workloads. Radar provides flags and environment variables that disable MCP, disable exec/local terminal paths, or loosen localhost/origin protections; only relax those protections in trusted development contexts.
Privacy notesSystem information including hostname, OS release, CPU model, active network connections, service names, process names, and journal log content are surfaced in Claude's context. Journal logs may contain sensitive application data — scope `LINUX_MCP_ALLOWED_LOG_PATHS` to limit which logs are readable.Feature flag configurations, targeting rules, audience segments, SDK keys, and audit log entries from your ConfigCat account are surfaced in Claude's context. `CONFIGCAT_API_USER` and `CONFIGCAT_API_PASS` are Management API credentials — keep them in the MCP config env and never commit them to version control.Distributed trace content including service names, operation names, error messages, HTTP parameters, and LLM prompt/response metadata may be surfaced in Claude's context. For Traceloop backend, `BACKEND_API_KEY` is required and grants access to your Traceloop organization's trace data.Kubeconfig paths, cluster names, namespaces, resource names, manifests, labels, annotations, topology edges, metrics, events, logs, RBAC rules, Helm release data, GitOps metadata, and audit findings may be exposed to the MCP client and model provider. Radar's MCP docs state that Secret data is not exposed and environment/log values are redacted for known sensitive patterns, but metadata, key names, errors, and operational context can still be sensitive. Workload logs can contain credentials, customer data, request payloads, internal hostnames, incident details, or proprietary deployment context. In-cluster deployments without authentication make all MCP callers share the pod service account view, so restrict network access, enable auth, and scope RBAC before exposing shared endpoints.
Prerequisites
  • A Linux system running locally or accessible via SSH.
  • Python with `uvx` available.
  • An MCP client such as Claude Code or Claude Desktop.
  • A ConfigCat account — log in at app.configcat.com.
  • Management API credentials: My Account → Public API Credentials → + Create new credentials (these are separate from SDK keys).
  • Node.js with `npx` available.
  • An MCP client such as Claude Code or Claude Desktop.
  • An OpenTelemetry-compatible tracing backend: Jaeger (local), Grafana Tempo, or Traceloop Cloud.
  • Services instrumented with OpenTelemetry sending traces to your backend.
  • Python 3.11+ with `uvx` available.
  • An MCP client such as Claude Code or Claude Desktop.
  • Radar installed from Homebrew, Krew, GitHub Releases, Scoop, or another upstream-supported path.
  • Running Radar server or `kubectl radar` session with the MCP endpoint enabled.
  • MCP client that supports Streamable HTTP server configuration.
  • Kubernetes kubeconfig, context, namespace scope, or in-cluster service account reviewed before connecting an AI client.
Install
claude mcp add linux -- uvx linux-mcp-server
claude mcp add configcat -e CONFIGCAT_API_USER=<your-api-user> -e CONFIGCAT_API_PASS=<your-api-pass> -- npx -y @configcat/mcp-server
claude mcp add opentelemetry -e BACKEND_TYPE=jaeger -e BACKEND_URL=http://localhost:16686 -- uvx opentelemetry-mcp
brew install skyhook-io/tap/radar
Config
{
  "mcpServers": {
    "linux": {
      "command": "uvx",
      "args": ["linux-mcp-server"],
      "env": {
        "LINUX_MCP_TOOLSET": "fixed",
        "LINUX_MCP_COMMAND_TIMEOUT": "30"
      }
    }
  }
}
{
  "mcpServers": {
    "configcat": {
      "command": "npx",
      "args": ["-y", "@configcat/mcp-server"],
      "env": {
        "CONFIGCAT_API_USER": "<your-api-user>",
        "CONFIGCAT_API_PASS": "<your-api-pass>",
        "CONFIGCAT_BASE_URL": "https://api.configcat.com"
      }
    }
  }
}
{
  "mcpServers": {
    "opentelemetry": {
      "command": "uvx",
      "args": ["opentelemetry-mcp"],
      "env": {
        "BACKEND_TYPE": "jaeger",
        "BACKEND_URL": "http://localhost:16686",
        "MAX_TRACES_PER_QUERY": "100",
        "BACKEND_TIMEOUT": "30"
      }
    }
  }
}
{
  "mcpServers": {
    "radar": {
      "url": "RADAR_MCP_URL"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.