Detection Library
high · experimental · Linux · AI/ML · T1059.004

LLM Service Spawning Shell Interpreter

Detects LLM service processes spawning shell interpreters (bash, sh, zsh). Under normal operation an LLM runtime should never directly fork an interactive shell. This pattern is a strong indicator of prompt injection achieving command execution.

Updated Jan 15, 2025 · Detection Engineering Team

llm · prompt-injection · linux · shell-execution · owasp-llm01

Problem Statement

LLM runtimes should never spawn interactive shells. A shell child process originating from an LLM service path is a reliable indicator of prompt injection achieving OS command execution.

Sample Logs

{"timestamp":"2025-01-15T09:14:22Z","computer_name":"llm-host-01","user":"llm_svc","image":"/bin/bash","command_line":"bash","parent_image":"/opt/llm/serve/model_server.py","parent_command_line":"python3 /opt/llm/serve/model_server.py --port 8080"}

Required Fields

image
command_line
parent_image
user
computer_name

False Positives

  • Legitimate health-check scripts invoked by the LLM service
  • Setup or initialisation scripts run at startup under the LLM process tree

Tuning Guidance

Whitelist known startup wrapper scripts. Restrict the alert to non-startup time windows or use process ancestry depth to filter one-time init forks.
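The following is an added example, not part of this library entry, showing the detection logic and the allowlist tuning applied to the sample log format above. It assumes the LLM service lives under /opt/llm/serve/ (taken from the sample log); the allowlisted wrapper script name and the two extra events are constructed for illustration.

```python
import json

# Shell interpreters the rule names (bash, sh, zsh) on common paths.
SHELL_INTERPRETERS = {
    "/bin/bash", "/bin/sh", "/bin/zsh",
    "/usr/bin/bash", "/usr/bin/sh", "/usr/bin/zsh",
}
# Path prefix of the LLM service, taken from the sample log on this page.
LLM_SERVICE_PREFIX = "/opt/llm/serve/"
# Constructed allowlist of known startup wrapper command lines (see Tuning Guidance).
ALLOWED_COMMAND_LINES = {"bash /opt/llm/serve/init_env.sh"}
REQUIRED_FIELDS = ("image", "command_line", "parent_image", "user", "computer_name")


def is_llm_shell_spawn(event):
    """True when an LLM service process spawns a shell interpreter that is not allowlisted."""
    if any(event.get(field) is None for field in REQUIRED_FIELDS):
        return False  # incomplete event: cannot be evaluated safely
    parent_is_llm = (event["parent_image"].startswith(LLM_SERVICE_PREFIX)
                     or LLM_SERVICE_PREFIX in event.get("parent_command_line", ""))
    child_is_shell = event["image"] in SHELL_INTERPRETERS
    if not (parent_is_llm and child_is_shell):
        return False
    # Tuning: suppress known startup wrapper scripts.
    return event["command_line"].strip() not in ALLOWED_COMMAND_LINES


def scan(log_lines):
    """Parse JSON-per-line events; return (computer_name, user, command_line) per alert."""
    alerts = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip rather than stop the pipeline
        if is_llm_shell_spawn(event):
            alerts.append((event["computer_name"], event["user"], event["command_line"]))
    return alerts


# Constructed samples: the page's alert, an allowlisted init wrapper, a non-LLM parent.
SAMPLE_LOGS = """
{"timestamp":"2025-01-15T09:14:22Z","computer_name":"llm-host-01","user":"llm_svc","image":"/bin/bash","command_line":"bash","parent_image":"/opt/llm/serve/model_server.py","parent_command_line":"python3 /opt/llm/serve/model_server.py --port 8080"}
{"timestamp":"2025-01-15T08:00:01Z","computer_name":"llm-host-01","user":"llm_svc","image":"/bin/bash","command_line":"bash /opt/llm/serve/init_env.sh","parent_image":"/opt/llm/serve/model_server.py","parent_command_line":"python3 /opt/llm/serve/model_server.py --port 8080"}
{"timestamp":"2025-01-15T09:20:00Z","computer_name":"web-01","user":"www","image":"/bin/sh","command_line":"sh","parent_image":"/usr/sbin/cron","parent_command_line":"cron"}
"""

if __name__ == "__main__":
    print(scan(SAMPLE_LOGS.splitlines()))  # → [('llm-host-01', 'llm_svc', 'bash')]
```

Only the first sample event fires: the second matches the allowlisted startup wrapper and the third has no LLM service ancestor.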