Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Perl HTML Perl6 Other

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


RTIR (RT for Incident Reponse) is a tool for tracking, responding to,
and investigating reported incidents.  Out of the box, it integrates
with RT3 (Also available from

Installation instructions:

1) RTIR requires the Business::Hours module and the Net::Whois::RIPE
   module.  You should install them before proceeding.

2) Install RT 3.0.  This version of RTIR requires at least RT

3) Once RT 3.0 appears to be happily installed, cd into the directory you
   unpacked RTIR into.

4) Edit RTIR's Makefile to point to your RT 3 instance.

5) make sure that mysql or pgsql's commandline tool is in your path.

6) Type "make install".

7) Modify the /opt/rt3/lib/ file.

   Add the variable "$SITE_CONFIG_RTIR_FILE" to the following list:

    use vars qw($VERSION $System $SystemUser $Nobody $Handle $Logger

   After these lines:

    $CORE_CONFIG_FILE = "/opt/rt3/etc/";
    $SITE_CONFIG_FILE = "/opt/rt3/etc/";

   Add the following line:

    $SITE_CONFIG_RTIR_FILE = "/opt/rt3/etc/";

   After these lines:

    require $CORE_CONFIG_FILE
      || die ("Couldn't load RT config file '$CORE_CONFIG_FILE'\n$@");

   Add the following:

      || die ("Couldn't load RTIR config file  '$SITE_CONFIG_RTIR_FILE'\n$@");

8) Initialize the RTIR database by typing "make initdb".

9) Stop and start your web server.

Configuring RTIR

1) Using the Configurations option in base RT, add the email address
   of the Network Operations Team (the people who will handle
   activating and removing Blocks) as AdminCC on the Blocks queue.

2) You may want to modify the email messages that are automatically
   sent on the creation of Investigations and Blocks.  The templates
   are "LaunchMessage" in the Investigations queue and "NewMessage" in
   the Blocks queue.

3) By default, RT3 has certain global Scrips.  You should look through
   them, and disable any that don't want.

4) Staff members who handle incidents should be added to the DutyTeam
Something went wrong with that request. Please try again.