Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Perl HTML Perl6 Other

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
etc
html
reports
Makefile
README
config

README

RTIR (RT for Incident Reponse) is a tool for tracking, responding to,
and investigating reported incidents.  Out of the box, it integrates
with RT3 (Also available from bestpractical.com)

Installation instructions:
--------------------------

1) RTIR requires the Business::Hours module (version 0.05 or later)
   and the Net::Whois::RIPE module.  You should install them before 
   proceeding.

2) Install RT 3.0.  This version of RTIR requires at least RT
   3.0.4.

3) Once RT 3.0 appears to be happily installed, cd into the directory you
   unpacked RTIR into.

4) Edit RTIR's Makefile to point to your RT 3 instance.

5) make sure that mysql or pgsql's commandline tool is in your path.

6) Type "make install".

7) Add the following lines to your /opt/rt3/etc/RT_SiteConfig.pm file:

   # The RTIR config file

   $RTIR_CONFIG_FILE = "/opt/rt3/etc/RTIR_Config.pm";

   require $RTIR_CONFIG_FILE
     || die ("Couldn't load RTIR config file '$RTIR_CONFIG_FILE'\n$@");

8) Initialize the RTIR database by typing "make initdb".

9) Stop and start your web server.


Configuring RTIR
----------------

1) Using the Configuration option in base RT, add the email address
   of the Network Operations Team (the people who will handle
   activating and removing Blocks) as AdminCC on the Blocks queue.

2) You may want to modify the email messages that are automatically
   sent on the creation of Investigations and Blocks.  The templates
   are "LaunchMessage" in the Investigations queue and "NewMessage" in
   the Blocks queue.

3) By default, RT3 has certain global Scrips.  You should look through
   them, and disable any that don't want.

4) Staff members who handle incidents should be added to the DutyTeam
   group.

5) You can override values in the RTIR_Config.pm in your
   RT_SiteConfig.pm file, following the "require" line explained
   above.


SETTING UP THE MAIL GATEWAY 
---------------------------

An alias for the Incident Reports  queue will need to be made in either 
your global mail aliases file (if you are using NIS) or locally on your
machine.
 
Add the following lines to /etc/aliases (or your local equivalent) :

rtir:         "|/opt/rt3/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://localhost/"

You should substitute te URL for RT's web interface for "http://localhost/".


BUGS
----

To report a bug, send email to rtir-bugs@fsck.com.
Something went wrong with that request. Please try again.