RTIR is an incident response module for RT, so clearly we had to take a little peek at the goods. It is really meant for incident response / network operations teams.
RTIR is built on RT, but provides different functionality. Read here for more information regarding the usefulness of RT and RTIR.
Let's start by installing the needed Perl modules:
perl -MCPAN -e 'install Business::Hours'
perl -MCPAN -e 'install Net::Whois::RIPE'
and downloading rtir and extracting it:
wget http://download.bestpractical.com/pub/rt/release/rtir.tar.gz
tar xfzv rtir.tar.gz
Now we need to configure the Makefile so that it points at our installed RT, otherwise it will have no clue where to install. We will use the path from our earlier install of RT.
cd rtir-1.0.5/
edit Makefile
Change RT_ROOT to the location of your RT install. Mine happens to be /usr/local/RT
I did change the group rt to www also, since RT doesn’t install its own group in FreeBSD
Save the file and exit.
make install
This next step makes RT load the RTIR configuration on startup and refuse to start if that file is missing, so a broken RTIR install is reported loudly instead of being silently ignored.
edit /usr/local/RT/etc/RT_SiteConfig.pm
and add this above the final "1;" (the file is a Perl module and must still return a true value):
# The RTIR config file
$RTIR_CONFIG_FILE = "/usr/local/RT/etc/RTIR_Config.pm";
require $RTIR_CONFIG_FILE
    || die ("Couldn't load RTIR config file '$RTIR_CONFIG_FILE'\n$@");
Save the file and exit. A quick "perl -c /usr/local/RT/etc/RT_SiteConfig.pm" will catch a typo before Apache does.
make initdb
This prompts for the database administrator's password (the same DBA password RT's own database setup used, e.g. the MySQL root password), not the Unix root password. Enter it and hit enter. 10 seconds later the process is complete. Restart Apache for good luck!
apachectl restart
That’s the hard bit out of the way.
Browse RT and login as your root user.
Browse to: Configuration -> Queues -> Blocks -> Watchers
Add your network operations team email address to the ‘Administrative Cc:’ field.
Configure your default emails sent when an Investigation or Block is logged by:
Browse to: Configuration -> Queues -> Blocks -> Templates -> NewMessage
and customise the email.
Browse to: Configuration -> Queues -> Investigations -> Templates -> LaunchMessage
and customise the email.
Here are some other tips from the RTIR Readme:
- By default, RT3 has certain global Scrips. You should look through them, and disable any you don't want.
- Staff members who handle incidents should be added to the DutyTeam group.
Incident reports need a mail alias, so again:
edit /etc/aliases
Add the following line:
rtir: "|/usr/local/RT/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://yourhostname:81/"
Remember to change the hostname (and the port, if your RT Apache is not on 81) to match your install, and run newaliases afterwards so the new alias takes effect!
That should be RTIR installed. It worked for me. Remember to follow each step in order. If you get no luck, it might be a good plan to look in /var/log/httpd-error.log before getting worked up about it.
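The whole procedure above as one re-runnable shell script. This is an added example, not code from the original post or from RTIR itself; it assumes RT lives under RT_ROOT, that the RTIR Makefile sets RT_ROOT and GROUP on their own lines (the variable names are taken from the post), and that RT_SiteConfig.pm ends with the usual Perl "1;" line. The config edit is done by a function that is safe to run twice and always keeps the closing "1;" last, which is the step most likely to break RT when done by hand.

```shell
#!/bin/sh
# Added example (not from the original post or RTIR): the RTIR install
# steps as one script. Assumed: RT is under RT_ROOT, the RTIR Makefile has
# RT_ROOT and GROUP lines, RT_SiteConfig.pm ends with "1;".
set -eu

RT_ROOT="${RT_ROOT:-/usr/local/RT}"
RTIR_VERSION="${RTIR_VERSION:-1.0.5}"
RT_GROUP="${RT_GROUP:-www}"        # FreeBSD has no 'rt' group; use the web server's
MAIL_HOST="${MAIL_HOST:-yourhostname}"
MAIL_PORT="${MAIL_PORT:-81}"

# rtir_alias_line HOST PORT RT_ROOT
# Prints the /etc/aliases entry that pipes mail into the Incident Reports queue.
rtir_alias_line() {
    printf '%s\n' "rtir: \"|$3/bin/rt-mailgate --queue 'Incident Reports' --action correspond --url http://$1:$2/\""
}

# add_rtir_config FILE RT_ROOT
# Wires RTIR_Config.pm into RT_SiteConfig.pm. Idempotent: a second run leaves
# the file alone, and the block always lands above the closing "1;" so the
# module still returns true when RT loads it.
add_rtir_config() {
    cfg="$1"
    rtir_cfg="$2/etc/RTIR_Config.pm"
    if grep -q 'RTIR_CONFIG_FILE' "$cfg"; then
        return 0                      # already wired in
    fi
    tmp="$cfg.$$"
    # drop the trailing true-value line; it is re-added last
    sed '/^1;[[:space:]]*$/d' "$cfg" > "$tmp"
    cat >> "$tmp" <<EOF
# The RTIR config file
\$RTIR_CONFIG_FILE = "$rtir_cfg";
require \$RTIR_CONFIG_FILE
    || die ("Couldn't load RTIR config file '\$RTIR_CONFIG_FILE'\n\$@");
1;
EOF
    mv "$tmp" "$cfg"
}

# install_rtir: the full sequence from the post. Needs root and network
# access; 'make initdb' will prompt for the database administrator password.
install_rtir() {
    perl -MCPAN -e 'install Business::Hours'
    perl -MCPAN -e 'install Net::Whois::RIPE'
    wget http://download.bestpractical.com/pub/rt/release/rtir.tar.gz
    tar xfzv rtir.tar.gz
    cd "rtir-$RTIR_VERSION"
    # point the Makefile at the existing RT install (BSD and GNU sed differ
    # on -i, so write to a temp file instead)
    sed -e "s|^RT_ROOT[[:space:]]*=.*|RT_ROOT = $RT_ROOT|" \
        -e "s|^GROUP[[:space:]]*=.*|GROUP = $RT_GROUP|" Makefile > Makefile.new
    mv Makefile.new Makefile
    make install
    add_rtir_config "$RT_ROOT/etc/RT_SiteConfig.pm" "$RT_ROOT"
    perl -c "$RT_ROOT/etc/RT_SiteConfig.pm"   # catch a config typo before Apache does
    make initdb
    apachectl restart
    rtir_alias_line "$MAIL_HOST" "$MAIL_PORT" "$RT_ROOT" >> /etc/aliases
    newaliases
}

# Only run the installer when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--install" ]; then
    install_rtir
fi
```

Run it as "sh install-rtir.sh --install" on the RT host; the remaining steps (queue watchers, templates, DutyTeam membership) are still done in the web UI as described above.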