README

RT for Incident Response is an open source, industrial-grade
incident-handling tool designed to provide a simple, effective
workflow for members of CERT and CSIRT teams. It allows team members
to track, respond to and deal with reported incidents and features a
number of tools to make common operations quick and easy.  RTIR is
built on top of "RT," which is also available for free from Best
Practical Solutions at http://www.bestpractical.com/rt/.

To purchase commercial support, training or custom development for RT
or RTIR, please contact Best Practical at sales@bestpractical.com.


WARNING!
--------

This is a development version of RTIR.  Before using this version of
RTIR, back up your database and any local modifications.

If you intend to deploy RTIR, or any other software, in a production
environment, we recommend that you first install and test it in a
staging environment to ensure that it meets your needs.

Changes since RTIR 1.0.x
------------------------

Full integration with RT 3.4.

New Search UI

	This includes a 3.4-style search UI, and menu changes to
	accommodate this.  Instead of search results and criteria being
	displayed on a single page, you can now choose the 'Refine'
	menu option to refine your search and re-run it after you've
	added all of your criteria.

Configurable Search Results

	Search result formats are configurable in RTIR_Config.pm, so you
	can easily choose which fields you would like to have displayed
	for RTIR searches.

Standardized Components

	RTIR 1.2 uses more of RT's core components, making it easier
	to customize and maintain.

Scrips

	Scrip actions and conditions are now in Perl modules, so that
	they're easier to customize.

Business::SLA

	Service Level Agreement (SLA) calculations are now handled by
	the Business::SLA module, which offers more flexibility.  You
	can specify SLAs with business minutes, real minutes, or both.


REQUIRED PACKAGES:
------------------

o   RT 3.4.0 or later, configured, installed and tested.

o   The Business::Hours module (version 0.05 or later)

o   The Business::SLA module

o   The Net::Whois::RIPE module



Upgrade instructions:
-----------------------

If you've installed a prior version of RTIR, you may need to follow
special steps to upgrade.  See the UPGRADING file for detailed
information.


Installation instructions:
--------------------------

1) Once RT 3.4 and the other required packages have been installed and
   appear to be working properly, cd to the directory into which you
   unpacked RTIR.

2) Run "perl Makefile.PL" to generate a makefile for RTIR. 

3) Type "make install".

4) Add the following lines to your RT_SiteConfig.pm file:

   # The RTIR config file

   $RTIR_CONFIG_FILE = $RT::LocalEtcPath."/IR/RTIR_Config.pm";

   require $RTIR_CONFIG_FILE
     || die ("Couldn't load RTIR config file '$RTIR_CONFIG_FILE'\n$@");

5) If you are installing RTIR for the first time, initialize the RTIR
   database by typing "make initdb".

   WARNING: Do not attempt to re-initialize the database if you are
   upgrading.

6) Stop and start your web server.  




Configuring RTIR
----------------

1) Using RT's configuration interface, add the email address
   of the Network Operations Team (the people who will handle
   activating and removing Blocks) as AdminCC on the Blocks queue.

2) You may want to modify the email messages that are automatically
   sent on the creation of Investigations and Blocks.  The templates
   are "LaunchMessage" in the Investigations queue and "NewMessage" in
   the Blocks queue.

3) By default, RT ships with a number of global Scrips.  You should use 
   RT's configuration interface to look through them, and disable any 
   that aren't appropriate in your environment.

4) Add staff members who handle incidents to the DutyTeam group.

5) You can override values in the RTIR_Config.pm in your
   RT_SiteConfig.pm file. Just add your customizations after the "require" 
   line mentioned above.


SETTING UP THE MAIL GATEWAY 
---------------------------

An alias for the Incident Reports queue will need to be made in either
your global mail aliases file (if you are using NIS) or locally on your
machine.

Add the following lines to /etc/aliases (or your local equivalent):

rtir:         "|/opt/rt3/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://localhost/"

Replace "http://localhost/" with the URL of RT's web interface.
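
The following shell check is an added example, not part of the RTIR
distribution. It lints an aliases file for the rtir entry described
above, looking only at the options shown in this README; the function
name check_rtir_alias and the sample entry are constructed for
illustration.

```shell
#!/bin/sh
# Added example (not RTIR code): lint the "rtir" mail alias from this README.
# Reads an aliases file on stdin, prints one finding per line, and
# returns 0 when the entry carries every option the README shows.
check_rtir_alias() {
    # First line that defines the rtir alias; comment lines never match.
    entry=$(grep -E '^rtir:' | head -n 1)
    if [ -z "$entry" ]; then
        echo "MISSING: no rtir alias defined"
        return 1
    fi
    rc=0
    case $entry in
        *'|'*rt-mailgate*) ;;
        *) echo "BAD: alias does not pipe to rt-mailgate"; rc=1 ;;
    esac
    case $entry in
        *"--queue 'Incident Reports'"*) ;;
        *) echo "BAD: --queue 'Incident Reports' not set"; rc=1 ;;
    esac
    case $entry in
        *"--action correspond"*) ;;
        *) echo "BAD: --action correspond not set"; rc=1 ;;
    esac
    # Value after --url, up to the next space or the closing quote.
    url=$(printf '%s\n' "$entry" | sed -n 's/.*--url[ =]*\([^ "]*\).*/\1/p')
    case $url in
        '') echo "BAD: --url not set"; rc=1 ;;
        http://localhost/)
            echo "NOTE: --url is still the README placeholder $url" ;;
    esac
    return $rc
}

# Constructed sample: the alias exactly as printed in the README.
sample="rtir:         \"|/opt/rt3/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://localhost/\""
printf '%s\n' "$sample" | check_rtir_alias
```

To check a live system, run "check_rtir_alias < /etc/aliases" after
editing the file.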


BUGS
----

To report a bug, send email to rtir-bugs@fsck.com.