WebJob 1.6.0 review
DownloadWebJob downloads a program or script from a remote WebJob server and executes it in one unified operation
|
|
WebJob downloads a program or script from a remote WebJob server and executes it in one unified operation. Any output produced by the program/script is packaged up and sent to a remote, possibly different, WebJob server.
WebJob is useful because it provides a mechanism for running known good programs on damaged or potentially compromised systems. This makes it ideal for remote diagnostics, incident response, and evidence collection.
WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios such as periodic system checks, file updates, integrity monitoring, patch/package management, and so on.
Here are some key features of "WebJob":
WebJob was written in C and has been ported to many popular operating environments such as AIX, Cygwin, FreeBSD, HP-UX, MacOS X, NetBSD, OpenBSD, Linux, Solaris, and Windows NT/2K.
In incident response and evidence collection scenarios, WebJob does not need to be "installed" on client machines. In many cases, it can be run from a floppy, CDROM, or network share. This means that WebJob can be configured such that it is minimally invasive to the target system. This is important when trying to collect evidence of an attack on live systems.
In system management, monitoring, and auditing scenarios where persistence is required, only a single binary and a few configuration files actually need to reside on client machines. Logistically, this can be a big time saver in terms of software deployment and maintenance.
The tools that actually do what you need to have done are managed in one location, namely the WebJob server. Thus, scripts and programs can be kept in a state of continual readiness. Effectively, this increases your ability to adapt and respond to unforeseen events.
Client-Server data can be exchanged safely and securely using SSL encryption and certificate authentication.
All harvested data is aggregated in one location -- the WebJob server.
WebJob only requires an outbound TCP connection -- typically on port 443. A WebJob server never initiates communication with a WebJob client. This eliminates an entire class of network-based attack vectors.
WebJob does not diminish the client's security posture because it is strictly a client side application and it runs in the security context of the user invoking it. In other words, the WebJob client does not accept inbound requests, and there are no inherent SUID/SGID issues.
WebJob's GET, RUN, and PUT timers ensure that runaway jobs are terminated once user-specified time limits have been exceeded.
WebJob scales horizontally. In other words, a single WebJob server can handle multiple clients, and multiple servers within a single-tiered framework create additional capacity.
WebJob scales vertically. In other words, WebJob servers can be configured as clients to create a multi-tiered framework.
WebJob does not limit what you can do.
What's New in This Release:
The code was cleaned up and refined.
Several bugs were fixed.
Digital Signature Verification (DSV) support was integrated into the WebJob client/server components.
Support for SHA256 hashes was added.
The CGI script now provides support for GET/PUT triggers and stricter SSL-based authentication checks.
WebJob 1.6.0 search tags