Detection Library
medium · experimental · Linux · OCI · Network · T1588

Linux Agent Installing Packages From Non-Approved Repositories

Detects AI agent processes establishing network connections to package repository hosts other than approved mirrors, indicating potential supply chain compromise via installation of malicious packages.

Updated Jan 10, 2025 · OCI AI Security Team

agentic-ai · supply-chain · package-install · pypi · npm · linux · oci · owasp-asi04

Problem Statement

Package installation from unapproved repositories introduces the risk of malicious code entering the agent runtime environment. Compromised packages can contain backdoors, credential stealers, or cryptominers that execute within the agent's security context.

Sample Logs

{"timestamp":"2025-01-10T13:25:10Z","computer_name":"oci-worker-15","user":"agent_svc","image":"/usr/bin/pip3","destination_hostname":"malicious-pypi-mirror.example.com","destination_ip":"198.51.100.10","destination_port":443,"initiated":true}

Required Fields

image
destination_hostname
destination_ip
destination_port
user
computer_name

False Positives

  • Agents with private PyPI or npm mirrors configured in their pip.conf or .npmrc files
  • Enterprise registries (JFrog Artifactory, Nexus) used as package proxies

Tuning Guidance

Build an allowlist of approved package repository hostnames including enterprise mirrors. Alert only on connections to domains not in the allowlist.
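The allowlist logic described above, as an added example written for this page rather than the detection library's own rule code. It runs over the sample log line plus constructed events; the two .internal mirror names, the set of package-manager binaries, and the subdomain-matching choice are assumptions to adapt to your environment.

```python
import json
from pathlib import PurePosixPath

# Approved repository hosts including enterprise mirrors. The .internal
# names are assumed placeholders; take them from your pip.conf / .npmrc.
APPROVED_REPO_HOSTS = {
    "pypi.org", "files.pythonhosted.org", "registry.npmjs.org",
    "pypi.mirror.example.internal",    # assumed private PyPI mirror
    "artifactory.example.internal",    # assumed Artifactory/Nexus proxy
}
# Package-manager binaries whose outbound connections the rule inspects.
PACKAGE_MANAGERS = {"pip", "pip3", "npm", "yarn", "pnpm"}
REQUIRED_FIELDS = ("image", "destination_hostname", "destination_ip",
                   "destination_port", "user", "computer_name")

def host_is_approved(hostname: str) -> bool:
    """Exact match or subdomain of an approved host, case-insensitive."""
    host = hostname.rstrip(".").lower()
    return any(host == a or host.endswith("." + a) for a in APPROVED_REPO_HOSTS)

def is_unapproved_repo_connection(event: dict) -> bool:
    """True when a package manager initiates a connection outside the allowlist."""
    if not event.get("initiated"):
        return False
    if PurePosixPath(event.get("image", "")).name not in PACKAGE_MANAGERS:
        return False
    hostname = event.get("destination_hostname") or ""
    # A direct-to-IP fetch carries no hostname to match, so it cannot be approved.
    return not hostname or not host_is_approved(hostname)

def detect(log_lines):
    """Parse newline-delimited JSON events and return one alert per hit."""
    alerts = []
    for line in log_lines:
        if not line.strip():
            continue
        event = json.loads(line)
        if is_unapproved_repo_connection(event):
            alerts.append({f: event.get(f) for f in REQUIRED_FIELDS})
    return alerts

# Constructed sample: the page's log line plus benign and edge-case events.
SAMPLE_LOGS = """
{"timestamp":"2025-01-10T13:25:10Z","computer_name":"oci-worker-15","user":"agent_svc","image":"/usr/bin/pip3","destination_hostname":"malicious-pypi-mirror.example.com","destination_ip":"198.51.100.10","destination_port":443,"initiated":true}
{"timestamp":"2025-01-10T13:26:00Z","computer_name":"oci-worker-15","user":"agent_svc","image":"/usr/bin/pip3","destination_hostname":"files.pythonhosted.org","destination_ip":"203.0.113.5","destination_port":443,"initiated":true}
{"timestamp":"2025-01-10T13:27:00Z","computer_name":"oci-worker-15","user":"agent_svc","image":"/usr/bin/npm","destination_hostname":"","destination_ip":"198.51.100.22","destination_port":443,"initiated":true}
{"timestamp":"2025-01-10T13:28:00Z","computer_name":"oci-worker-15","user":"agent_svc","image":"/usr/bin/curl","destination_hostname":"malicious-pypi-mirror.example.com","destination_ip":"198.51.100.10","destination_port":443,"initiated":true}
""".strip().splitlines()
```

The curl event is deliberately left to other rules: this detection scopes to package-manager images, and the empty-hostname npm event shows why a hostname-only allowlist must treat direct-to-IP fetches as unapproved.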