
In our last post, “Request Tracker Installation (Part 2 of 2),” we implemented Request Tracker (RT) on an Apache web server. As a reminder, RT is an enterprise-grade ticketing system that lets you track the status of tasks: when a task was requested, who requested it and why, when it was completed, its priority, and so on. It was developed by the folks over at Best Practical and is the leading open-source issue tracking system. Best Practical has also created RT for Incident Response (RTIR), which is “an Open Source incident handling system designed with the needs of CERT teams and other incident-response teams in mind.” The posting “RTIR: RT for Incident Response” outlines the added features of RTIR. Today’s post builds upon the implementation of RT and walks through the steps to implement RTIR.

Before going any further, I did want to give credit to the Doctor, who has been good enough to post over on his ITIL Service Management blog a mind map of the incident management process under ITIL. That mind map is the image used in today’s blog. While it has nothing directly to do with RTIR, it is interesting in terms of incident management and I wanted to give proper credit.

Installation

Below are the basic steps involved with installing RTIR.

1. Download and install required Perl modules.

There are several Perl packages, each of which depends on other packages, and so the cycle goes. You can install these packages using cpan, with commands like:

 /usr/local/src root# perl -MCPAN -e 'install Business::Hours'
 /usr/local/src root# perl -MCPAN -e 'install Net::Whois::RIPE'

Sometimes you can run into problems installing modules in that manner. An alternative is to pull down the package, untar, configure, compile, and install it in a manner similar to:

 root# cd /usr/local/src
 /usr/local/src root# wget http://search.cpan.org/CPAN/authors/\
id/M/MR/MRSAM/Net-CIDR-0.11.tar.gz
 /usr/local/src root# tar xzf Net-CIDR-0.11.tar.gz
 /usr/local/src root# cd Net-CIDR-0.11
 /usr/local/src/Net-CIDR-0.11 root# perl Makefile.PL
 /usr/local/src/Net-CIDR-0.11 root# make test
 /usr/local/src/Net-CIDR-0.11 root# make install

To make installation of RTIR as easy as possible, you may want to make sure the following packages are installed.

 Package                      File
 Business::Hours              http://search.cpan.org/CPAN/authors/id/J/JE/JESSE/Business-Hours-0.07.tar.gz
 Net::Whois::RIPE             http://search.cpan.org/CPAN/authors/id/P/PA/PAULG/Net-Whois-RIPE-1.23.tar.gz
 Net::CIDR                    http://search.cpan.org/CPAN/authors/id/M/MR/MRSAM/Net-CIDR-0.11.tar.gz
 Business::SLA                http://search.cpan.org/CPAN/authors/id/R/RU/RUZ/Business-SLA-0.05.tar.gz
 Regexp::Common::net::CIDR    http://search.cpan.org/CPAN/authors/id/R/RU/RUZ/Regexp-Common-net-CIDR-0.02.tar.gz
 Devel::Cycle                 http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Devel-Cycle-1.10.tar.gz
 PadWalker                    http://search.cpan.org/CPAN/authors/id/R/RO/ROBIN/PadWalker-1.7.tar.gz
 Devel::Symdump               http://search.cpan.org/CPAN/authors/id/A/AN/ANDK/Devel-Symdump-2.08.tar.gz
 Pod::Coverage                http://search.cpan.org/CPAN/authors/id/R/RC/RCLAMP/Pod-Coverage-0.19.tar.gz
 Test::Pod::Coverage          http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/Test-Pod-Coverage-1.08.tar.gz
 Test::Memory::Cycle          http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/Test-Memory-Cycle-1.04.tar.gz
 Test::Taint                  http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/Test-Taint-1.04.tar.gz
 WWW::Mechanize               http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/WWW-Mechanize-1.34.tar.gz
 Test::HTTP::Server::Simple   http://search.cpan.org/CPAN/authors/id/J/JE/JESSE/Test-HTTP-Server-Simple-0.09.tar.gz
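Before building RTFM and RTIR it is worth confirming that every module in the table above actually loads, rather than discovering a missing dependency halfway through `make`. The script below is an added example, not code from the original post or from Best Practical. It assumes a `perl` on the PATH; the `RTIR_PERL_MODULES` list is constructed from the table, and the function names are chosen here.

```shell
#!/bin/sh
# Added example (not from the original post or from Best Practical): report which of the
# Perl modules RTIR needs cannot be loaded, so step 1 can be checked before building.

# Module names taken from the table above (constructed list; extend as needed).
RTIR_PERL_MODULES="Business::Hours Net::Whois::RIPE Net::CIDR Business::SLA
Regexp::Common::net::CIDR Devel::Cycle PadWalker Devel::Symdump Pod::Coverage
Test::Pod::Coverage Test::Memory::Cycle Test::Taint WWW::Mechanize
Test::HTTP::Server::Simple"

# has_perl_module NAME -> 0 if perl can load NAME, 1 if it cannot, 2 if perl is absent.
# "perl -MNAME -e 1" compiles and loads the module and exits non-zero on failure.
has_perl_module() {
    command -v perl >/dev/null 2>&1 || return 2
    perl -M"$1" -e 1 >/dev/null 2>&1
}

# missing_perl_modules [NAME...] -> prints each name that fails to load, one per line.
# With no arguments it checks RTIR_PERL_MODULES. Returns 0 if nothing is missing, 1 otherwise.
missing_perl_modules() {
    [ $# -eq 0 ] && set -- $RTIR_PERL_MODULES
    rc=0
    for m in "$@"; do
        if ! has_perl_module "$m"; then
            echo "$m"
            rc=1
        fi
    done
    return $rc
}

# Usage: list what is missing, then print the matching cpan command for each module.
missing_perl_modules | while read -r m; do
    echo "missing: $m  ->  perl -MCPAN -e 'install $m'" >&2
done
```

Run it as the same user and with the same `perl` that will build RTIR; a module installed under a different Perl, or only in a user-local library path, will still show as missing here, which is exactly the failure you want to catch before `perl Makefile.PL`.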

2. Download, configure, and install RTFM.

The stable RTIR package was released back in 2004, well before the most recent RT 3 release. Pull down the most recently updated RT 3 release of the RT FAQ Manager (RTFM). To quote from the FAQ, “RTFM lets you open, categorize and search for ‘articles.’ Like RT, RTFM lets your users contribute additional information to existing articles and makes sure that each article’s full history is preserved for future inspection. RTFM makes it easy to quickly search the knowledge base and find critical information.”

 root# cd /usr/local/src
 /usr/local/src root# wget http://download.bestpractical.com/pub/rt/devel/\
RTIR_M3/RTFM-2.2.2.tar.gz
 /usr/local/src root# tar xzf RTFM-2.2.2.tar.gz
 /usr/local/src root# cd RTFM-2.2.2
 /usr/local/src/RTFM-2.2.2 root# perl Makefile.PL
 /usr/local/src/RTFM-2.2.2 root# make
 /usr/local/src/RTFM-2.2.2 root# make install
 /usr/local/src/RTFM-2.2.2 root# make initdb
 /usr/local/src/RTFM-2.2.2 root# cd ..
 /usr/local/src root# wget http://download.bestpractical.com/pub/rt/devel/\
RTIR_M3/RTFM-Extension-ArticleTemplates-0.01.tar.gz
 /usr/local/src root# tar xzf RTFM-Extension-ArticleTemplates-0.01.tar.gz
 /usr/local/src root# cd RTFM-Extension-ArticleTemplates-0.01
 /usr/local/src/RTFM-Extension-ArticleTemplates-0.01 root# perl Makefile.PL
 /usr/local/src/RTFM-Extension-ArticleTemplates-0.01 root# make
 /usr/local/src/RTFM-Extension-ArticleTemplates-0.01 root# make install
 /usr/local/src/RTFM-Extension-ArticleTemplates-0.01 root# cd ..

3. Download, configure, and install RTIR.

Pull down the most recently updated RT 3 release of RTIR.

 root# cd /usr/local/src
 /usr/local/src root# wget http://download.bestpractical.com/pub/rt/devel/\
RTIR_M3/RT-IR-2.3.17.tar.gz
 /usr/local/src root# tar xzf RT-IR-2.3.17.tar.gz
 /usr/local/src root# cd RT-IR-2.3.17
 /usr/local/src/RT-IR-2.3.17 root# perl Makefile.PL
 /usr/local/src/RT-IR-2.3.17 root# make install
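Every archive in steps 1 to 3 is fetched over plain HTTP and then built and installed as root with no integrity check, so a tampered or corrupted download would be installed without complaint. The helper below is an added example, not from the original post or from Best Practical: it refuses to unpack an archive whose SHA-256 does not match a digest you pin from a trusted source (a vendor announcement or a copy you verified out of band). The function names are chosen here, and the self-test runs on a constructed archive, so the digest it uses is computed locally and is not the digest of any real RTFM or RTIR release.

```shell
#!/bin/sh
# Added example (not from the original post or from Best Practical): pin a SHA-256 per
# downloaded archive and refuse to unpack it on mismatch. Digests must come from a
# trusted source; the self-test below computes one from a constructed archive only.

# sha256_of FILE -> prints the hex SHA-256 of FILE using whichever tool is available
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_digest FILE EXPECTED -> 0 when FILE's SHA-256 equals EXPECTED (case-insensitive)
verify_digest() {
    actual=$(sha256_of "$1") || return 1
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# verify_and_extract FILE EXPECTED [DESTDIR] -> unpacks FILE into DESTDIR only if the
# digest matches; on mismatch the archive is deleted and 1 is returned.
verify_and_extract() {
    file=$1; expected=$2; dest=${3:-.}
    if ! verify_digest "$file" "$expected"; then
        echo "REFUSING to unpack $file: SHA-256 mismatch (got $(sha256_of "$file"))" >&2
        rm -f "$file"
        return 1
    fi
    tar xzf "$file" -C "$dest"
}

# fetch_verified URL EXPECTED [DESTDIR] -> download with wget, then verify_and_extract.
# Needs network access, so the self-test does not exercise it.
fetch_verified() {
    url=$1; expected=$2; dest=${3:-.}
    file="$dest/$(basename "$url")"
    wget -q -O "$file" "$url" || { echo "download failed: $url" >&2; rm -f "$file"; return 1; }
    verify_and_extract "$file" "$expected" "$dest"
}

# make_sample_archive DIR -> builds a small constructed tarball in DIR and prints its path
make_sample_archive() {
    mkdir -p "$1/RT-IR-sample"
    echo "constructed placeholder, not the real RTIR distribution" > "$1/RT-IR-sample/README"
    tar czf "$1/RT-IR-sample.tar.gz" -C "$1" RT-IR-sample
    rm -rf "$1/RT-IR-sample"
    echo "$1/RT-IR-sample.tar.gz"
}

# Self-test on a constructed archive: the correct digest passes, a wrong one is refused.
work=$(mktemp -d)
archive=$(make_sample_archive "$work")
good=$(sha256_of "$archive")          # locally computed; placeholder for a pinned vendor digest
verify_and_extract "$archive" "$good" "$work" && echo "ok: unpacked $(ls "$work/RT-IR-sample")"
verify_and_extract "$archive" "0000000000000000000000000000000000000000000000000000000000000000" "$work" \
    || echo "ok: archive with unexpected digest was refused"
rm -rf "$work"
```

In practice you would replace the `wget`/`tar xzf` pairs in steps 2 and 3 with `fetch_verified URL PINNED_SHA256 /usr/local/src`, keeping the pinned digests in the same change-controlled place as the rest of the RT build notes, so that the check is repeatable the next time the server is rebuilt.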

4. Edit RT configuration file.

Edit the RT configuration file /opt/rt3/etc/RT_SiteConfig.pm adding the RTIR configuration file /opt/rt3/local/plugins/RT-IR/etc/RTIR_Config.pm.

 /usr/local/src/RT-IR-2.3.17 root# vi /opt/rt3/etc/RT_SiteConfig.pm

Add the lines:

# The RTIR config file
$RTIR_CONFIG_FILE = "/opt/rt3/local/plugins/RT-IR/etc/RTIR_Config.pm";
require $RTIR_CONFIG_FILE || die ("Couldn't load RTIR config file '$RTIR_CONFIG_FILE'\n$@");
Set(@Plugins, 'RT::FM', 'RT::IR');

5. Initialize the database.

Update the RT database.

 /usr/local/src/RT-IR-2.3.17 root# make initdb

6. Stop and restart the Apache server.

For good measure, restart the Apache server.

 /usr/local/src/RT-IR-2.3.17 root# /usr/local/apache/bin/apachectl stop
 /usr/local/src/RT-IR-2.3.17 root# /usr/local/apache/bin/apachectl start

7. Configure RTIR.

Configuration of RT and RTIR is a topic for another post; maybe even a book. I will include below the basic instructions from the RTIR README. Please see the next section for additional documentation.

1) Using RT’s configuration interface, add the email address
of the Network Operations Team (the people who will handle
activating and removing Blocks) as AdminCC on the Blocks queue.
RT -> Configuration -> Queues -> Blocks -> Watchers

2) You may want to modify the email messages that are automatically
sent on the creation of Investigations and Blocks.
RT -> Queues -> <select RTIR’s Queue> -> Templates.
RT -> Global -> Templates.

3) By default, RT ships with a number of global Scrips. You should use
RT’s configuration interface to look through them, and disable any
that aren’t appropriate in your environment.
RT -> Queues -> <select RTIR’s Queue> -> Scrips.
RT -> Global -> Scrips.

4) Add staff members who handle incidents to the DutyTeam group.
RT -> Configuration -> Groups -> DutyTeam -> Members.

5) You can override values in the RTIR_Config.pm in your
RT_SiteConfig.pm file. Just add your customizations after the “require”
line mentioned above.

Additional Information

RT has a nice user interface, but to understand and use the program you need to read the documentation. We may come back and do a post on configuration. How you configure RTIR depends on your environment and your plans for using the software. Below is a listing of several information sources.

  • DocIndex.pod – Can also view DocIndex.pod with the command:
    perldoc lib/RT/IR/DocIndex.pod
  • AdministrationTutorial.pod – Can also view AdministrationTutorial.pod with the command:
    perldoc lib/RT/IR/AdministrationTutorial.pod
  • Config.pm – Can also view Config.pm with the command:
    perldoc lib/RT/IR/Config.pm
  • Constituencies.pod – Can also view Constituencies.pod with the command:
    perldoc lib/RT/IR/Constituencies.pod
  • Ticket.pm – Can also view Ticket.pm with the command:
    perldoc lib/RT/IR/Ticket.pm
  • Tutorial.pod – Can also view Tutorial.pod with the command:
    perldoc lib/RT/IR/Tutorial.pod

2 Responses to “RTIR: Adding Incident Response Capabilities to RT”

  1. Thanks for the post and for including the Mind Map – very interesting content. I followed the link to ask him if I could add the Mind Map to my collection I am building up on http://www.fuzz2buzz.com/en/mindexchange/browse-grid as I have a number of clients working on ITIL projects

    cheers
    Jennifer

Trackbacks/Pingbacks

  1. [...] In this post, we will be installing Snort 2.8.3.1, the Snort Security Platform (SnortSP), and the Snort 3 analytical engine. Please see Martin Roesch’s, Leon Ward’s, and Richard Bejtlich’s posts for more in-depth discussion. I am going to discuss a few basic concepts of the Snort 3.0 architecture, go through installation, and discuss some configuration and operation of the software. I plan on following this post with another concerning the setup and installation of Bro 1.4. I will follow that post with an analysis of results from the two systems. At some point, we will discuss integration of results into RTIR. [...]
