Fetching latest commit…
Cannot retrieve the latest commit at this time
|Failed to load latest commit information.|
RTIR (RT for Incident Reponse) is a tool for tracking, responding to, and investigating reported incidents. Out of the box, it integrates with RT3 (Also available from bestpractical.com) Installation instructions: -------------------------- 1) RTIR requires the Business::Hours module and the Net::Whois::RIPE module. You should install them before proceeding. 2) Install RT 3.0. This version of RTIR requires at least RT 3.03pre5. 3) Once RT 3.0 appears to be happily installed, cd into the directory you unpacked RTIR into. 4) Edit RTIR's Makefile to point to your RT 3 instance. 5) make sure that mysql or pgsql's commandline tool is in your path. 6) Type "make install". 7) Modify the /opt/rt3/lib/RT.pm file. Add the variable "$SITE_CONFIG_RTIR_FILE" to the following list: use vars qw($VERSION $System $SystemUser $Nobody $Handle $Logger $CORE_CONFIG_FILE $SITE_CONFIG_FILE <...> After these lines: $CORE_CONFIG_FILE = "/opt/rt3/etc/RT_Config.pm"; $SITE_CONFIG_FILE = "/opt/rt3/etc/RT_SiteConfig.pm"; Add the following line: $SITE_CONFIG_RTIR_FILE = "/opt/rt3/etc/RT_SiteConfig_RTIR.pm"; After these lines: require $CORE_CONFIG_FILE || die ("Couldn't load RT config file '$CORE_CONFIG_FILE'\n$@"); Add the following: require $SITE_CONFIG_RTIR_FILE || die ("Couldn't load RTIR config file '$SITE_CONFIG_RTIR_FILE'\n$@"); 8) Initialize the RTIR database by typing "make initdb". 9) Stop and start your web server. Configuring RTIR ---------------- 1) Using the Configurations option in base RT, add the email address of the Network Operations Team (the people who will handle activating and removing Blocks) as AdminCC on the Blocks queue. 2) You may want to modify the email messages that are automatically sent on the creation of Investigations and Blocks. The templates are "LaunchMessage" in the Investigations queue and "NewMessage" in the Blocks queue. 3) By default, RT3 has certain global Scrips. You should look through them, and disable any that don't want. 4) Staff members who handle incidents should be added to the DutyTeam group.