WebJob downloads a program or script from a remote WebJob server and executes it in one unified operation.
WebJob is useful because it provides a mechanism for running known good programs on damaged or potentially compromised systems. This makes it ideal for remote diagnostics, incident response, and evidence collection.
WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios such as periodic system checks, file updates, integrity monitoring, patch/package management, and so on.
- WebJob was written in C and has been ported to many popular operating environments such as AIX, Cygwin, FreeBSD, HP-UX, MacOS X, NetBSD, OpenBSD, Linux, Solaris, and Windows NT/2K.
- In incident response and evidence collection scenarios, WebJob does not need to be "installed" on client machines. In many cases, it can be run from a floppy, CDROM, or network share. This means that WebJob can be configured such that it is minimally invasive to the target system. This is important when trying to collect evidence of an attack on live systems.
- In system management, monitoring, and auditing scenarios where persistence is required, only a single binary and a few configuration files actually need to reside on client machines. Logistically, this can be a big time saver in terms of software deployment and maintenance.
- The tools that actually do what you need to have done are managed in one location, namely the WebJob server. Thus, scripts and programs can be kept in a state of continual readiness. Effectively, this increases your ability to adapt and respond to unforeseen events.
- Client-Server data can be exchanged safely and securely using SSL encryption and certificate authentication.
- All harvested data is aggregated in one location -- the WebJob server.
- WebJob only requires an outbound TCP connection -- typically on port 443. A WebJob server never initiates communication with a WebJob client. This eliminates an entire class of network-based attack vectors.
- WebJob does not diminish the client's security posture because it is strictly a client side application and it runs in the security context of the user invoking it. In other words, the WebJob client does not accept inbound requests, and there are no inherent SUID/SGID issues.
- WebJob's GET, RUN, and PUT timers ensure that runaway jobs are terminated once user-specified time limits have been exceeded.
- WebJob scales horizontally. In other words, a single WebJob server can handle multiple clients, and multiple servers within a single-tiered framework create additional capacity.
- WebJob scales vertically. In other words, WebJob servers can be configured as clients to create a multi-tiered framework.
- WebJob does not limit what you can do.
In a hurry? Add it to your Download Basket!
What's New in This Release:
- Generally, code was cleaned up and refined as necessary.
- Several bugs have been fixed.
- Externally, there have been several changes: embedded Perl support has been added; the client now includes failover/fallback support; the CGI script now includes queuing support via Job Queue Directories (JQD); and several new utilities and Perl modules have been added to improve server-side configuration and management.
- Note that nph-webjob.cgi now depends on several Perl modules, and it is no longer a drop in replacement.