# Defense MCP

I thought about naming it ShieldsUP! or HardenSoft, but I figure I'll just keep it simple as Defense MCP.

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y @smithery/cli@latest mcp add bottobot/defense-mcp-server

# Browse available tools
npx -y @smithery/cli@latest tool list bottobot/defense-mcp-server

# Get full schema for a tool
npx -y @smithery/cli@latest tool get bottobot/defense-mcp-server sudo_session

# Call a tool
npx -y @smithery/cli@latest tool call bottobot/defense-mcp-server sudo_session '{}'
```

## Direct MCP Connection

Endpoint: `https://defense-mcp-server--bottobot.run.tools`

## Tools (31)

- `sudo_session` — Sudo: elevate privileges, check/drop/extend session, preflight tool checks
- `firewall` — Firewall: iptables, UFW, nftables, persistence, policy audit
- `harden_kernel` — Kernel hardening: sysctl, kernel security, bootloader, memory protections
- `harden_host` — Host hardening: services, permissions, systemd, cron, umask, banners, USB control
- `integrity` — Integrity: AIDE, rootkit scanning, file hashing, drift baselines
- `log_management` — Logging: auditd, journalctl, fail2ban, syslog, log rotation, SIEM integration
- `network_defense` — Network: connections, traffic capture, port scan detection, IPv6 audit, self-scan, segmentation
- `compliance` — Compliance: Lynis, OpenSCAP, CIS benchmarks, framework checks, policy, cron/tmp hardening
- `malware` — Malware: ClamAV scan/update, YARA rules, suspicious files, webshells, quarantine
- `backup` — Backup: config files, system state snapshots, restore, verify integrity, list backups
- `access_control` — Access control: SSH, PAM, sudo, user audit, password policy, shell restriction
- `crypto` — Crypto: TLS/SSL audit, GPG, LUKS, file hashing, certificate lifecycle
- `container_docker` — Docker security: audit, CIS bench, seccomp, daemon config, image scan
- `container_isolation` — Container isolation: AppArmor, SELinux, namespaces, seccomp, rootless setup
- `defense_mgmt` — Defense: tool checks, workflows, change history, posture, scheduled audits, remediation, reports
- `patch` — Patches: pending updates, unattended upgrades, package integrity, kernel audit, CVE lookup
- `secrets` — Secrets: filesystem scan, env variable audit, SSH key sprawl, git history leak detection
- `incident_response` — Incident response: volatile data, IOC scan, timeline, forensics (memory/disk/network/evidence/custody)
- `supply_chain` — Supply chain: SBOM generation, cosign artifact signing, SLSA provenance verification
- `zero_trust` — Zero-trust: WireGuard VPN, peer management, mTLS certificates, microsegmentation
- `ebpf` — eBPF/Falco: list eBPF programs, Falco status, deploy rules, read events
- `app_harden` — App hardening: audit running apps, recommendations, firewall rules, systemd sandboxing
- `api_security` — API security: local API discovery, auth audit, rate limiting, TLS verify, CORS check
- `cloud_security` — Cloud: environment detection, metadata audit, IAM credentials, storage audit, IMDS security
- `honeypot_manage` — Deception: canary tokens, honeyport listeners, trigger detection, canary management
- `dns_security` — DNS: resolver audit, DNSSEC check, tunneling detection, domain blocklists, query log audit
- `process_security` — Processes: audit running, capabilities, namespaces, anomaly detection, cgroup limits
- `threat_intel` — Threat intel: IP/hash/domain reputation, feed management, blocklist application
- `vuln_manage` — Vulnerabilities: nmap scan, nikto web scan, tracking, risk prioritization, remediation plans
- `waf_manage` — WAF: ModSecurity audit, rule management, rate limiting, OWASP CRS, blocked request analysis
- `wireless_security` — Wireless: Bluetooth audit, WiFi assessment, rogue AP detection, disable unused interfaces

```bash
# Get full input/output schema for a tool
npx -y @smithery/cli@latest tool get bottobot/defense-mcp-server <tool-name>
```
