Introduction

Claude comes with Claude Code, a product that lets developers analyze and build applications from the terminal. Developers also use it to automate repetitive tasks, which frees them to focus on more important things such as optimization and architecture.

Claude Code can also read, write, and execute commands on the system, so it’s important to restrict what Claude Code is allowed to read, write, and execute.

Claude Code Security

Inside the Claude Code Organization Panel there is a setting that allows us to restrict Claude Code from reading, writing, and executing specific things.

Syntax    Description
Bash      Used to allow or deny Claude Code from executing a command.
Read      Used to allow or deny Claude Code from reading a file.
Write     Used to allow or deny Claude Code from writing to a file.

Together, these options let us stop Claude Code from executing specific commands and from reading critical files that contain API keys and much more. Here is an example configuration for Claude Code:

managed-settings.json
{
    "permissions": {
        "disableBypassPermissionsMode": "disable",
        "deny": [
            "Read(**/.env)",
            "Read(**/local-settings.json)",
            "Write(**/etc/passwd)",
            "Bash(sudo *)",
            "Bash(su *)",
            "Bash(curl *)",
            "Bash(git *)",
            "Bash(passwd *)",
            "Bash(chmod *)",
            "Bash(chown *)"
        ]
    }
}

The managed-settings.json file secures Claude Code by preventing it from reading files that contain API keys and by blocking execution of specific commands. The disableBypassPermissionsMode setting prevents users from bypassing the security configuration set in managed-settings.json.

Securing through Server-Side

Claude allows us to secure Claude Code from the server side through managed-settings.json, which is accessible with the following steps.

  1. Click on Organizational Settings

  2. Go to Claude Code.

  3. Click on Manage on Manage Settings

I would recommend implementing strict access control for Claude Code, as it comes with the capability to read, write, and execute things on our end users’ systems. Here is a starter template that I highly recommend using.

managed-settings.json
{
    "permissions": {
        "disableBypassPermissionsMode": "disable",
        "deny": [
            "Read(**/.env)",
            "Read(**/local-settings.json)",
            "Read(**/id_rsa)",
            "Read(**/id_ecdsa)",
            "Read(**/id_ecdsa.pub)",
            "Read(**/id_rsa.pub)",
            "Write(**/etc/passwd)",
            "Write(C:\\Windows\\System32\\config\\sam)",
            "Write(C:\\Windows\\System32\\config\\security)",
            "Bash(sudo *)",
            "Bash(su *)",
            "Bash(curl *)",
            "Bash(git *)",
            "Bash(passwd *)",
            "Bash(chmod *)",
            "Bash(chown *)",
            "Bash(nmap *)",
            "Bash(ssh *)",
            "Bash(nc *)",
            "Bash(ncat *)"
        ]
    }
}
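
A template like this is only useful if it parses, so it is worth linting before it is uploaded or pasted into a deployment script. The following check is an added example, not part of Claude Code or of the original post: it rejects invalid JSON (a missing or trailing comma, an unescaped backslash in a Windows path) and flags malformed deny rules. Limiting tool names to Bash, Read and Write follows the table on this page and is an assumption of the sketch.

```python
import json
import re

# Tool names from the page's table; flagging anything else is this sketch's
# assumption, not a statement about what Claude Code accepts.
PAGE_TOOLS = ("Bash", "Read", "Write")
RULE = re.compile(r"^([A-Za-z]+)\((.*)\)$")


def lint_managed_settings(text: str) -> list[str]:
    """Return the problems found in a managed-settings.json document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Missing or trailing commas and unescaped backslashes end up here.
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]

    perms = doc.get("permissions") if isinstance(doc, dict) else None
    if not isinstance(perms, dict):
        return ["top-level 'permissions' object is missing"]

    problems = []
    if perms.get("disableBypassPermissionsMode") != "disable":
        problems.append("disableBypassPermissionsMode is not set to 'disable'")

    deny = perms.get("deny")
    if not isinstance(deny, list) or not deny:
        return problems + ["permissions.deny is missing or empty"]

    seen = set()
    for rule in deny:
        match = RULE.match(rule) if isinstance(rule, str) else None
        if match is None:
            problems.append(f"not of the form Tool(pattern): {rule!r}")
            continue
        tool, pattern = match.groups()
        if rule in seen:
            problems.append(f"duplicate rule: {rule!r}")
        seen.add(rule)
        if tool not in PAGE_TOOLS:
            problems.append(f"tool not in {PAGE_TOOLS}: {rule!r}")
        elif not pattern or pattern != pattern.strip():
            problems.append(f"empty pattern or stray whitespace: {rule!r}")
    return problems


# Constructed sample: valid JSON with three rule-level mistakes.
SAMPLE_RULES = """{"permissions": {"disableBypassPermissionsMode": "disable",
  "deny": ["Read(**/.env)", "Bash(ssh * )", "Bash(git *)", "Bash(git *)", "Exec(ls *)"]}}"""

if __name__ == "__main__":
    print("\n".join(lint_managed_settings(SAMPLE_RULES)) or "no problems found")
```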

The server-side version of managed-settings.json will block requests whenever the user tries to read, write, or execute anything listed in the managed-settings.json file. I’ll now go through implementing these restrictions on the client side, since it can help us enforce these configurations.

Securing through Client-Side (Windows)

Claude also allows us to secure Claude Code from the client side by adding the contents of the managed-settings.json file to a registry key.

  1. Go to Microsoft Intune

  2. Go to Devices > Windows

  3. Go to Script and Remediation under Managed Devices

  4. Click on Create on Script & Remediations

  5. Enter the Name, Description, and Publisher.

  6. Use the Detection Script and Remediation Script.

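    Detection Script
    # Claude Code Path & Desired Config
    $regPath = Test-Path "HKLM:\Software\Policies\ClaudeCode"
    $desiredConfig = '<PASTE YOUR DESIRED CONFIG>'

    if ($regPath -eq $true) {
        $currentConfig = (Get-ItemProperty "HKLM:\Software\Policies\ClaudeCode" -ErrorAction SilentlyContinue).Settings
        if ($currentConfig -ne $desiredConfig) {
            # Settings value is missing or differs: exit 1 so Intune runs the remediation
            Exit 1
        }
        # Settings value matches the desired config: compliant
        Exit 0
    }
    else {
        # Policy key does not exist: exit 1 so Intune runs the remediation
        Exit 1
    }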

    Remediation Script
    # Claude Code Path & Desired Config
    $regPath = Test-Path "HKLM:\Software\Policies\ClaudeCode"
    $desiredConfig = '<PASTE DESIRED CONFIG>'

    if ($regPath -eq $true) {
        $currentConfig = (Get-ItemProperty "HKLM:\Software\Policies\ClaudeCode" -ErrorAction SilentlyContinue).Settings
        if ($currentConfig -ne $desiredConfig) {
            # Overwrite a missing or drifted Settings value with the desired config
            Set-ItemProperty -Path "HKLM:\Software\Policies\ClaudeCode" -Name 'Settings' -Value $desiredConfig
        }
    }
    else {
        # Key does not exist yet: create it, then write the same desired config
        New-Item -Path "HKLM:\Software\Policies\ClaudeCode" -Force | Out-Null
        New-ItemProperty -Path "HKLM:\Software\Policies\ClaudeCode" -Name 'Settings' -Value $desiredConfig -PropertyType String | Out-Null
    }

  7. Select the group or users to enable the enforcement of Claude Code.

  8. Review the configuration and create the Script & Remediation.

Securing through Client-Side (macOS)

Claude also allows us to secure Claude Code from the client side on macOS devices by adding the managed-settings.json file inside a mobileconfig file, which will be added to the macOS MDM enforcement directory.

  1. Go to Microsoft Intune

  2. Click on Devices > Configurations

  3. Click on Create New Policy

  4. Select Platform, Profile Type, and Template Name.

  5. Enter the Name and Description.

  6. Set Custom Configuration Profile Name to Claude Code MDM Configuration and Deployment Channel to Device Control, then upload the .mobileconfig file.

    .mobileconfig
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>PayloadDisplayName</key>
        <string>Claude Code Managed Settings</string>
        <key>PayloadDescription</key>
        <string>Configures managed settings for Claude Code.</string>
        <key>PayloadIdentifier</key>
        <string>com.anthropic.claudecode.profile</string>
        <key>PayloadOrganization</key>
        <string>Example Organization</string>
        <key>PayloadScope</key>
        <string>System</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>DC3CBC17-3330-4CDE-94AC-D2342E9C88A3</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadDisplayName</key>
                <string>Claude Code</string>
                <key>PayloadIdentifier</key>
                <string>com.anthropic.claudecode.profile.BEFD5F54-71FC-4012-82B2-94399A1E220B</string>
                <key>PayloadType</key>
                <string>com.apple.ManagedClient.preferences</string>
                <key>PayloadUUID</key>
                <string>BEFD5F54-71FC-4012-82B2-94399A1E220B</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadContent</key>
                <dict>
                    <key>com.anthropic.claudecode</key>
                    <dict>
                        <key>Forced</key>
                        <array>
                            <dict>
                                <key>mcx_preference_settings</key>
                                <dict>
                                    <key>permissions</key>
                                    <dict>
                                        <key>disableBypassPermissionsMode</key>
                                        <string>disable</string>
                                        <key>deny</key>
                                        <array>
                                        <string>Read(**/.env)</string>
                                        <string>Read(**/local-settings.json)</string>
                                        <string>Read(**/id_rsa)</string>
                                        <string>Read(**/id_ecdsa)</string>
                                        <string>Read(**/id_ecdsa.pub)</string>
                                        <string>Read(**/id_rsa.pub)</string>
                                        <string>Write(**/etc/passwd)</string>
                                        <string>Write(C:\Windows\System32\config\sam)</string>
                                        <string>Write(C:\Windows\System32\config\security)</string>
                                        <string>Bash(sudo *)</string>
                                        <string>Bash(su *)</string>
                                        <string>Bash(curl *)</string>
                                        <string>Bash(git *)</string>
                                        <string>Bash(passwd *)</string>
                                        <string>Bash(chmod *)</string>
                                        <string>Bash(chown *)</string>
                                        <string>Bash(nmap *)</string>
                                        <string>Bash(ssh *)</string>
                                        <string>Bash(nc *)</string>
                                        <string>Bash(ncat *)</string>
                                        </array>
                                    </dict>
                                </dict>
                            </dict>
                        </array>
                    </dict>
                </dict>
            </dict>
        </array>
    </dict>
    </plist>

  7. Select the group or users to apply the .mobileconfig file to.

  8. Review the configuration and create the Configuration Profile.
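
The Windows registry value and the macOS profile above carry the same policy in two encodings, so hand-editing both invites drift. As an added example (not from the original post or from Anthropic), the script below derives both artifacts from one managed-settings.json: a single-line string for `$desiredConfig` in the Intune scripts, and a .mobileconfig with the same payload keys as the profile above. The function names, sample policy and placeholder UUIDs are assumptions.

```python
import json
import plistlib

DOMAIN = "com.anthropic.claudecode"  # preference domain used in the page's profile

# Constructed sample policy; the Windows path shows JSON backslash escaping.
SAMPLE_POLICY = r'''{
  "permissions": {
    "disableBypassPermissionsMode": "disable",
    "deny": ["Read(**/.env)", "Write(C:\\Windows\\System32\\config\\sam)", "Bash(sudo *)"]
  }
}'''


def powershell_literal(settings_json: str) -> str:
    """Compact the JSON to one line and quote it for $desiredConfig = '...'."""
    compact = json.dumps(json.loads(settings_json), separators=(",", ":"))
    return "'" + compact.replace("'", "''") + "'"  # '' escapes ' in PowerShell


def mobileconfig(settings_json: str, org: str, profile_uuid: str, payload_uuid: str) -> bytes:
    """Build the .mobileconfig XML with the settings under mcx_preference_settings."""
    settings = json.loads(settings_json)
    payload = {
        "PayloadDisplayName": "Claude Code",
        "PayloadIdentifier": f"{DOMAIN}.profile.{payload_uuid}",
        "PayloadType": "com.apple.ManagedClient.preferences",
        "PayloadUUID": payload_uuid,
        "PayloadVersion": 1,
        "PayloadContent": {DOMAIN: {"Forced": [{"mcx_preference_settings": settings}]}},
    }
    profile = {
        "PayloadDisplayName": "Claude Code Managed Settings",
        "PayloadDescription": "Configures managed settings for Claude Code.",
        "PayloadIdentifier": f"{DOMAIN}.profile",
        "PayloadOrganization": org,
        "PayloadScope": "System",
        "PayloadType": "Configuration",
        "PayloadUUID": profile_uuid,
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML, sort_keys=False)


if __name__ == "__main__":
    print("$desiredConfig =", powershell_literal(SAMPLE_POLICY))
    print(mobileconfig(SAMPLE_POLICY, "Example Organization",
                       "00000000-0000-4000-8000-000000000001",   # placeholder UUIDs
                       "00000000-0000-4000-8000-000000000002").decode())
```

Paste the same generated literal into both the detection and the remediation script, since the detection script compares the registry value to it character for character.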

Conclusion

Anthropic, the creator of Claude, built a great tool that increases engineers’ productivity. However, as Security Engineers it’s crucial for us to implement least privilege on these CLI tools to minimize the attack surface, as they come with the capability to read, write, and execute on end users’ systems.

Fortunately for us, Anthropic allows us to enforce security settings on both the client side and the server side, which lets us ensure that the attack surface is reduced. I highly recommend setting up managed-settings.json for Claude Code to reduce the attack surface.