Scan for specific language on web page?

As part of a security audit, we're trying to locate all the web servers that are using a "default" web page instead of our custom, more secure ones. We have a very large environment and a number of servers got set up with IIS or Apache running even tho no actual website was running. We can identify web servers using SAM and finding the IIS admin service, but we need to be able to identify which ones are using an incorrect home page.

Is there a way to set up a monitor to look for the default "Welcome to IIS 7" on a webpage? How would this be set up?

Any help is appreciated. Thanks.

Kevin Wilson

Platforms System Admin

HISD

Find more posts tagged with

sam 6.2.4

Accepted answers

All comments

prawij

My suggestion would be:

1) Create a SAM template, using the HTTP Monitor component type.

2) Enter "Welcome to IIS 7" or whatever string you want to look for in the "Search String:" field of the component configuration

3) Set "Fail If Found:" to Yes.

4) Apply this template to all your web servers.

The ones that return the string you specify will show as down applications and you can triage them as needed.

kwilsonhisd

I was able to do that, but it shows failed for websites even if they have different web page set up. I set "fail if found" to no, and we get the following results:

What I'm seeing is:

Web page exists and shows "welcome to IIS": Green

Web Page exists and does not show "welcome to IIS: Red

Web Page does not exist: Red.

Is there way to basically reverse this? Or set it so the default page shows red, non-default pages show green, and no web pages just show no data/gray?