Provides automated threat detection, baseline auditing, and mining device analysis with API access and a web dashboard.
Configuration
```
{
  "mcpServers": {
    "honysyang-mcp_tools": {
      "command": "/home/uweic/miniconda3/bin/python3",
      "args": [
        "/home/uweic/shoot/tool_mcp/multi_func_security_mcp.py"
      ]
    }
  }
}
```
You have a unified MCP server that combines automated threat detection, baseline compliance checks, and mining device analysis with a web dashboard and API access. It helps you quickly discover security risks, track incidents, and automate response across cloud, server, and VM environments.
You will run the MCP server locally or on a management host and connect to it with a client or browser. Use the web dashboard to view the latest findings, monitor task progress, and access real-time events. You can also query the API endpoints to fetch findings, tasks, and logs for integration with your security workflow.
Prerequisites: Python 3.8 or newer is required on the system where you install and run the MCP server.
Install dependencies using Python’s package manager.
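```
pip install psutil aiohttp python-whois pyyaml
```
```
pip install -r requirement
```
To start the MCP server with authentication and logging, run the following command.
```
python multi_func_security_mcp.py --auth-user admin --auth-pass securepassword --log-level INFO
```
Arguments passed on the command line, including the value given to `--auth-pass`, are visible in the host's process list and shell history.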
Web dashboard and API run on port 8080 by default (http://localhost:8080). MCP tool services (when installed) run on port 8000.
You can configure an MCP client to connect to the server for automated orchestration. The example configuration below shows how an MCP server can be exposed for tooling integration.
```
{
  "mcpServers": {
    "miner-detector-mcp": {
      "command": "/home/uweic/miniconda3/bin/python3",
      "args": [
        "/home/uweic/shoot/tool_mcp/multi_func_security_mcp.py"
      ]
    }
  }
}
```
The server enforces access control with Basic Auth for most APIs and the web UI. It includes task de-duplication, cooldown periods, and safe subprocess handling to minimize the risk of wrongfully terminating processes or bypassing permissions. Optional features gracefully degrade if dependencies are missing, and all tool invocations are logged for auditing.
If you encounter issues starting the server, verify Python 3.8+ is installed, ensure ports 8080 and 8000 are available, and confirm the auth-user and auth-pass values you pass to the startup command match what you plan to use for API access.
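A pre-flight check for the startup troubleshooting steps above, as an added example that is not part of the project's own code: it verifies the Python version, that ports 8080 and 8000 can be bound, and that the four pip packages are importable. The function names and the `127.0.0.1` bind address are assumptions; `whois` and `yaml` are the module names that `python-whois` and `pyyaml` install.

```python
import importlib.util
import socket
import sys

# From the page: minimum Python, default ports, pip packages (pip name -> module).
MIN_PYTHON = (3, 8)
PORTS = {8080: "web dashboard and API", 8000: "MCP tool services"}
DEPENDENCIES = {"psutil": "psutil", "aiohttp": "aiohttp",
                "python-whois": "whois", "pyyaml": "yaml"}


def python_ok(version=None):
    """True if the interpreter is at least MIN_PYTHON."""
    version = sys.version_info if version is None else version
    return tuple(version[:2]) >= MIN_PYTHON


def port_is_free(port, host="127.0.0.1"):
    """True if the port can be bound, i.e. no other process holds it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))  # assumed bind address: loopback
        except OSError:
            return False
    return True


def missing_dependencies(deps=None):
    """Pip names of packages whose module cannot be located."""
    deps = DEPENDENCIES if deps is None else deps
    return [pip for pip, mod in deps.items()
            if importlib.util.find_spec(mod) is None]


def preflight():
    """Return a list of problems; an empty list means ready to start."""
    problems = []
    if not python_ok():
        problems.append("Python %d.%d or newer is required" % MIN_PYTHON)
    problems += ["port {} ({}) is already in use".format(p, role)
                 for p, role in PORTS.items() if not port_is_free(p)]
    problems += ["package not installed: {}".format(name)
                 for name in missing_dependencies()]
    return problems


if __name__ == "__main__":
    found = preflight()
    sys.exit("\n".join(found) if found else 0)
```

Since the page says optional features degrade when dependencies are missing, a reported missing package may reduce functionality rather than prevent startup.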
Analyzes system and application logs to detect abnormal logins, password failures, cron changes, and permission changes.
Performs quick security checks to identify high-risk open ports and suspicious processes.
Automatically links various IOC results and findings to infer attack chains and abnormal relationships.
Checks system configuration against corporate security baselines, including file permissions, whitelists/blacklists, and sysctl settings.
Identifies mining software behavior, wallets, pools, and persistence indicators.