forked from bestpractical/rtir
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
190 lines (127 loc) · 6.54 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
RT for Incident Response is an open source, industrial-grade
incident-handling tool designed to provide a simple, effective
workflow for members of CERT and CSIRT teams. It allows team members
to track, respond to and deal with reported incidents and features a
number of tools to make common operations quick and easy. RTIR is
built on top of RT, which is also available for free from Best
Practical Solutions at http://www.bestpractical.com/rt/.
RT and RTIR are commercially-supported software. To purchase support,
training, custom development, or professional services, please get in
touch with us at <[email protected]>.
REQUIRED PACKAGES:
------------------
o RT 4.0.14 or any later release of RT 4.0, but not RT 4.2
o Net::Whois::RIPE 1.31 is bundled with RTIR for compatibility with the
API RTIR uses and for a fix to run without warnings under perl 5.18.
Upgrade instructions:
-----------------------
If you've installed a prior version of RTIR, you may need to follow
special steps to upgrade. See the docs/UPGRADING file for detailed
information.
Installation instructions:
--------------------------
1) Install RT 4.0.14 or a newer 4.0 release following RT's regular
installation instructions. RT 4.2 is not compatible with RTIR 3.0.
2) Run "perl Makefile.PL" to generate a makefile for RTIR.
3) Install any extra Perl modules RTIR needs that aren't already
installed. The output from the previous step will list new
modules needed, or if existing modules need to be upgraded to a
newer version.
4) Type "make install".
5a) If you are installing RTIR for the first time, initialize the RTIR
database by typing "make initdb".
WARNING: Do not attempt to re-initialize the database if you are
upgrading.
5b) If you are UPGRADING from a previous installation, read the
UPGRADING file for instructions on how to upgrade your
database.
6) Activate the RTIR extension in the RT_SiteConfig.pm file:
Set(@Plugins, 'RT::IR');
7) Stop and start your web server.
Additional Extensions:
----------------------
o To maintain Due date for Reports, Investigations and Blocks, install
RT::Extension::SLA following the installation instructions in that
extension's README file.
o If you want to enable ticket/incident aging, install RT::Extension::TicketAging
following the instructions in that extension's INSTALL and README files.
o If you want to enable ticket locking, install RT::Extension::TicketLocking
following the installation instructions in that extension's README file.
Configuring RTIR
----------------
1) Using RT's configuration interface, add the email address
of the Network Operations Team (the people who will handle
activating and removing Blocks) as AdminCC on the Blocks queue.
RT -> Queues -> Blocks -> Watchers
2) You may want to modify the email messages that are automatically
sent on the creation of Investigations and Blocks.
RT -> Queues -> <Select RTIR's Queue> -> Templates.
RT -> Global -> Templates.
3) By default, RT ships with a number of global Scrips. You should use
RT's configuration interface to look through them, and disable any
that aren't apropriate in your environment.
RT -> Queues -> <Select RTIR's Queue> -> Scrips.
RT -> Global -> Scrips.
4) Add staff members who handle incidents to the DutyTeam group.
RT -> Configuration -> Groups -> DutyTeam -> Members.
5) You can override values in the RTIR_Config.pm in your
RT_SiteConfig.pm file. Just add your customizations.
SETTING UP THE MAIL GATEWAY
---------------------------
An alias for the Incident Reports queue will need to be configured.
Add the following lines to /etc/aliases (or your local equivalent):
rtir: "|/opt/rt4/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://localhost/"
You should substitute the URL for RT's web interface for "http://localhost/".
o If your webserver uses SSL, rt-mailgate will require several new
Perl libraries. See the RT README for more details on this option.
o See "perldoc /opt/rt4/bin/rt-mailgate" for more info about the rt-mailgate script.
o If you're configuring RTIR with support for multiple constituencies, please
refer to the instructions in the file lib/RT/IR/Constituencies.pod
Documentation for RTIR
----------------------
* This README file
* UPGRADING
Instructions for users upgrading from 1.0 or 2.0
* perldoc docs/DocIndex.pod
( also at http://bestpractical.com/docs/rtir/latest/DocIndex )
Links to documentation specific to RTIR
* perldoc docs/Tutorial.pod
( also at http://bestpractical.com/docs/rtir/latest/Tutorial )
Extended information about ticket merging
* perldoc docs/Constituencies.pod
( also at http://bestpractical.com/docs/rtir/latest/Constituencies )
Information about setting up RTIR with multiple user constituencies
* perldoc docs/AdministrationTutorial.pod
( also at http://bestpractical.com/docs/rtir/latest/AdministrationTutorial )
Information about setting up RTIR for Administrators
* install extension RT-OnlineDocs to give SuperUsers access to the RT::IR and RT API
documentation via the Web UI. This includes the Tutorial.pod and other .pod files
mentioned above.
* perldoc RT::Extension::TicketAging
(also at https://metacpan.org/module/RT::Extension::TicketAging )
Information about configuring and using RT and RTIR Ticket Aging.
* perldoc RT::Extension::TicketLocking
(also at https://metacpan.org/module/RT::Extension::TicketLocking )
Information about configuring and using RT and RTIR Ticket Locking.
* etc/RTIR_Config.pm
(Contains a number of RTIR-specific configuration options and instructions for their use)
* RTIR mailing list
Subscribe by sending mail to [email protected]
* http://wiki.bestpractical.com/view/RTIR
The RTIR section of the community-developed RT wiki is still in its infancy.
DEVELOPMENT
-----------
If you would like to run RTIR's tests, you need to set a few environment
variables:
RT_DBA_USER - a user who can create a database on your RDBMS
(such as root on mysql)
RT_DBA_PASSWORD - the password for RT_DBA_USER
To run tests:
$ RTHOME=/opt/my-rt perl Makefile.PL
$ RT_DBA_USER=user RT_DBA_PASSWORD=password make test
These are intended to be run before installing RTIR.
Like RT, RTIR expects to be able to create a new database called rt4test
on your system
REPORTING BUGS
--------------
To report a bug, send email to [email protected].