Friday, December 19, 2008

Webjob




WebJob looks more interesting than you would think from the description:

WebJob downloads a program or script from a remote WebJob server and executes it in one unified operation. Any output produced by the program/script is packaged up and sent to a remote, possibly different, WebJob server. WebJob is useful because it provides a mechanism for running known good programs on damaged or potentially compromised systems. This makes it ideal for remote diagnostics, incident response, and evidence collection. WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios such as periodic system checks, file updates, integrity monitoring, patch/package management, and so on.


When you look at the use cases:


To date, WebJob has been successfully used to:

* Automatically harvest argus, ifconfig, lsof, netstat, ndd, patch, ps, tcpdump, (name your utility), etc. data
* Automatically update cron tabs, DNS records, password files, snort rules, web sites, (name your application), etc.
* Automatically update system binaries when their MD5s do not match expected values
* Conduct massive searches for credit card numbers, social security numbers, and suspect hashes
* Deploy FreeBSD, Linux, Solaris, and Windows packages
* Drive GUI-based Windows utilities via AutoIT scripts
* Harvest evidence and diagnostic information from hundreds (300+) of systems in parallel
* Harvest system information to perform security audits or compliance verification
* Implement a Virtual Evidence Locker (VEL)
* Implement and maintain a Poor Man's Compile Farm (PMCF)
* Implement and maintain a distributed malware test harness
* Perform integrity monitoring with FTimes
* Periodically perform administrative tasks on a 950+ node Content Delivery Network (CDN)

and the list goes on and on...



I haven't tried it (and it would be interesting to see if it really can scale) but I will!
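
The integrity use case from the list above (flagging system binaries whose MD5s do not match expected values), as an added example that is not WebJob's own code or from its authors: a job script that checks files against a manifest and returns one status per file for collection. The manifest format (`digest  path` lines), the function names and the sample files are assumptions constructed for illustration; MD5 follows the page's wording, and `algo="sha256"` selects a stronger digest.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_manifest(manifest_text, algo="md5"):
    """Compare files against 'digest  path' lines; return (status, path) tuples."""
    results = []
    for raw in manifest_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            results.append(("MALFORMED", line))
            continue
        expected, path = parts[0].lower(), parts[1]
        try:
            actual = file_digest(path, algo)
        except OSError as exc:
            status = "MISSING" if isinstance(exc, FileNotFoundError) else "UNREADABLE"
            results.append((status, path))
            continue
        results.append(("MATCH" if actual == expected else "MISMATCH", path))
    return results

def demo():
    """Constructed sample: two stand-in 'binaries', one altered after the manifest was built."""
    d = tempfile.mkdtemp()
    good, bad = os.path.join(d, "ls"), os.path.join(d, "ps")
    for p in (good, bad):
        with open(p, "wb") as fh:
            fh.write(b"original contents of " + os.path.basename(p).encode())
    manifest = "# constructed manifest\n" + "".join(f"{file_digest(p)}  {p}\n" for p in (good, bad))
    manifest += f"{'0' * 32}  {os.path.join(d, 'netstat')}\n"   # entry for a file that does not exist
    with open(bad, "ab") as fh:          # simulate a binary modified after baselining
        fh.write(b"\x90")
    return [(s, os.path.basename(p)) for s, p in check_manifest(manifest)]

if __name__ == "__main__":
    for status, name in demo():
        print(f"{status}\t{name}")       # stdout is what a job runner would collect
```

The check is only as trustworthy as the manifest and the interpreter running it, which is why the description stresses fetching known good programs from a remote server rather than relying on tools already on the suspect host.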
