Add Celery worker shell-spawn detection (rev. of #6108)#6120
Open
Batina-Jennifer wants to merge 5 commits into
Open
Add Celery worker shell-spawn detection (rev. of #6108)#6120Batina-Jennifer wants to merge 5 commits into
Batina-Jennifer wants to merge 5 commits into
Conversation
This Sigma rule detects potential indirect prompt injection manipulation and data exfiltration attempts by monitoring specific command line patterns and parent images in a Linux environment.
Updated the description formatting for clarity.
Removed unnecessary fields from the Celery worker shell spawn rule.
nasbench
approved these changes
Jul 10, 2026
nasbench
left a comment
Member
There was a problem hiding this comment.
Overall LGTM. Just some small suggestions
Co-authored-by: Nasreddine Bencherchali <nbencher@cisco.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of the Pull Request
Re-submitting the Celery worker shell-spawn detection rule after addressing review feedback on #6108 . The rule detects a system shell (sh/bash/dash) spawned directly by a Celery worker process, which is a strong indicator of untrusted input reaching an unsanitized os.system or subprocess(shell=True) call — e.g. via an indirect prompt injection payload in an LLM agent task. Original feedback was that the rule didn't follow repo conventions and lacked a real log sample; both are now fixed, and the attached auditd log sample below shows the rule firing against a live PoC.
Changelog
new: System Shell Spawned From Celery Worker Process
Example Log Event
Raw auditd EXECVE record (celery worker startup):
type=EXECVE msg=audit(1783593584.754:952): argc=6 a0="/home/jenny/celery_test/venv/bin/python3" a1="/home/jenny/celery_test/venv/bin/celery" a2="-A" a3="app" a4="worker" a5="--loglevel=info"
...comm="celery" exe="/usr/bin/python3.12" ppid=8500 pid=10340...
Raw auditd EXECVE record (shell spawned by the worker):
type=EXECVE msg=audit(1783593603.674:960): argc=4 a0="sh" a1="-c" a2="--" a3=6563686F2027506970656C696E6520646174613A20272626206563686F20446174613B20756E616D65202D613B20656E763B206964207C2067726570202D696F4520275B612D7A302D395B3A73706163653A5D5D2B27
...exe="/usr/bin/dash" ppid=10342 (child of the celery worker, pid 10340, via an untracked ForkPoolWorker fork)...
The a3 field above is auditd's hex-encoded argv string; decoded (echo "<a3_value>" | xxd -r -p) it reads:
echo 'Pipeline Data: ' && echo Data; uname -a; env; id | grep -ioE '[a-z0-9[:space:]]+'
The two log events show a Celery worker (python3.12, pid 10340) forking a shell (/bin/dash) that executes the injected command (echo 'Pipeline Data:....'). This rule is built to catch exactly this, as captured from the PoC.
Fixed Issues
SigmaHQ Rule Creation Conventions