In this tutorial, you will learn how to install RTIR module on Request Tracker. Request Tracker for Incident Response (RTIR) is an essential extension of Request Tracker (RT), enabling CERT and CSIRT teams to manage security incidents efficiently. Handling security incidents efficiently requires the right tools and processes. If you’re already using Request Tracker (RT) for ticket management, adding the Request Tracker for Incident Response (RTIR) module transforms your system into a powerful security incident response platform, complete with specialized workflows designed specifically for security teams.
As someone who has implemented RTIR across multiple enterprise environments, I’ve created this comprehensive guide to help security professionals successfully install and configure this essential module.
Table of Contents
How to Install RTIR Module on Request Tracker
What is RTIR?
Request Tracker for Incident Response (RTIR) extends the base RT ticketing system with specialized features for security teams:
- Specialized ticket types – Incidents, Investigations, Blocks, and Countermeasures
- Security-focused workflows – Streamlined processes for incident handling
- Incident correlation – Link related security events
- Customizable templates – Speed up documentation
- Integration capabilities – Connect with other security tools
RTIR has become the standard for many SOCs (Security Operations Centers) and CERT teams to track, document, and coordinate incident response activities.
Prerequisites
Before beginning the RTIR installation, ensure you have:
- A functioning RT installation (minimum version 5.0 series).
- Root or sudo access to your RT server
- Database administrator access
- Perl and required Perl modules installed
- Web server (Apache or Nginx) with proper configurations
- Current backup of your RT system
If you are looking at how to deploy RT, then we have made a comprehensive guide. Follow the link below to deploy RT.
How to Install Request Tracker on Linux
Note that we have deployed RT v5.0.7 in our Ubuntu 24.04 server. As such, we will be installing RTIR on an RT running on Ubuntu node.
Install RTIR Module on Request Tracker
Step 1: Backup Your Existing RT Installation
If you do no have regular backups, I suggest to dump the DB and backup the RT configs before you can proceed.
Create RT database backup. Assuming that your RT database name is rt5 (otherwise, replace the name accordingly), then run the command below to dump the DB. You need to have the DB root password.
sudo mysqldump -u root -p rt5 > /mnt/rt5-$(date +%F-%T).sqlNext, backup the RT configurations directory, usually /opt/rt5
sudo cp -r /opt/rt5{,.$(date +%F-%T)}Step 2: Download and Extract RTIR Source Code
Just like RT is build from the source code, the process is the same for RTIR.
Download an RTIR source code whose version matches the version of RT installed.
You can check the available releases of RTIR on the RT releases downloads page.
If there is no version of RTIR matching your exact version of RT, then it is safe to use the most recent lower version. Like in this case, since RTIR version 5.0.7 is not available, you can go with RTIR version 5.0.6.
Hence, let’s get RTIR vesion 5.0.6
VER=5.0.6wget https://download.bestpractical.com/pub/rt/release/RT-IR-${VER}.tar.gzOnce the download is complete, extract the source code.
tar xf RT-IR-${VER}.tar.gzStep 3: Install Required Dependencies
Next, navigate into the RT-IR source code directory:
cd RT-IR-${VER}…and run the command below to generate a Makefile – a file used by make to build, test, and install the Perl module. The command will also offer to install any missing mandatory Perl modules.
perl Makefile.PLIf prompted to auto install any module, accept and proceed.
Sample output from the command above;
Cannot determine author info from lib/RT/IR.pm
Cannot determine license info from lib/RT/IR.pm
Using RT configuration from /opt/rt5/lib/RT.pm:
bin => /opt/rt5/local/plugins/RT-IR/bin
etc => /opt/rt5/local/plugins/RT-IR/etc
html => /opt/rt5/local/plugins/RT-IR/html
lib => /opt/rt5/local/plugins/RT-IR/lib
po => /opt/rt5/local/plugins/RT-IR/po
static => /opt/rt5/local/plugins/RT-IR/static
For first-time installation, type 'make initdb'.
To upgrade from a previous version of this extension, use 'make upgrade-database'
*** Module::AutoInstall version 1.21
*** Checking for Perl dependencies...
[Core Features]
- Test::More ...loaded. (1.302194)
- File::Find ...loaded. (1.43)
- File::Temp ...loaded. (0.2311)
- DBIx::SearchBuilder ...loaded. (1.81 >= 1.61)
- Regexp::Common ...loaded. (2017060201)
- Parse::BooleanLogic ...missing.
- Net::Domain::TLD ...missing.
==> Auto-install the 2 mandatory module(s) from CPAN? [y] y
*** Dependencies will be installed the next time you type 'make'.
*** Module::AutoInstall configuration finished.
Open input '/root/RT-IR-5.0.6/etc/upgrade/rtir-2.4-upgrade.pl.in' file for substitution
Open output '/root/RT-IR-5.0.6/etc/upgrade/rtir-2.4-upgrade.pl' file for substitution
Open input '/root/RT-IR-5.0.6/etc/add_constituency.in' file for substitution
Open output '/root/RT-IR-5.0.6/etc/add_constituency' file for substitution
Open input '/root/RT-IR-5.0.6/bin/add_constituency.in' file for substitution
Open output '/root/RT-IR-5.0.6/bin/add_constituency' file for substitution
Open input '/root/RT-IR-5.0.6/lib/RT/IR/Test.pm.in' file for substitution
Open output '/root/RT-IR-5.0.6/lib/RT/IR/Test.pm' file for substitution
Open input '/root/RT-IR-5.0.6/etc/upgrade/2.5.1/update_saved_searches.pl.in' file for substitution
Open output '/root/RT-IR-5.0.6/etc/upgrade/2.5.1/update_saved_searches.pl' file for substitution
Checking if your kit is complete...
Looks good
Warning: prerequisite Net::Domain::TLD 0 not found.
Warning: prerequisite Parse::BooleanLogic 0 not found.
Generating a Unix-style Makefile
Writing Makefile for RT::IR
Writing MYMETA.yml and MYMETA.json
Next, compile the source code in preparation for installation.
makeThe make command will ask to you would like to make configurations automatically as much as possible. Please accept and proceed.
Sample make command output;
"/usr/bin/perl" "-Iinc" Makefile.PL --config= --installdeps=Parse::BooleanLogic,0,Net::Domain::TLD,0
Cannot determine author info from lib/RT/IR.pm
Cannot determine license info from lib/RT/IR.pm
Using RT configuration from /opt/rt5/lib/RT.pm:
bin => /opt/rt5/local/plugins/RT-IR/bin
etc => /opt/rt5/local/plugins/RT-IR/etc
html => /opt/rt5/local/plugins/RT-IR/html
lib => /opt/rt5/local/plugins/RT-IR/lib
po => /opt/rt5/local/plugins/RT-IR/po
static => /opt/rt5/local/plugins/RT-IR/static
For first-time installation, type 'make initdb'.
To upgrade from a previous version of this extension, use 'make upgrade-database'
*** Installing dependencies...
*** Installing Parse::BooleanLogic...
CPAN.pm requires configuration, but most of it can be done automatically.
If you answer 'no' below, you will enter an interactive dialog for each
configuration option instead.
Would you like to configure as much as possible automatically? [yes] yes
We initialized your 'urllist' to https://cpan.org/. Type 'o conf init urllist' to change it.
Autoconfiguration complete.
commit: wrote '/root/.cpan/CPAN/MyConfig.pm'
You can re-run configuration any time with 'o conf init' in the CPAN shell
Fetching with HTTP::Tiny:
https://cpan.org/authors/01mailrc.txt.gz
Reading '/root/.cpan/sources/authors/01mailrc.txt.gz'
............................................................................DONE
Fetching with HTTP::Tiny:
https://cpan.org/modules/02packages.details.txt.gz
Reading '/root/.cpan/sources/modules/02packages.details.txt.gz'
Database was generated on Fri, 16 May 2025 12:41:02 GMT
..............
New CPAN.pm version (v2.38) available.
[Currently running version is v2.36]
You might want to try
install CPAN
reload cpan
to both upgrade CPAN.pm and run the new version without leaving
the current session.
..............................................................DONE
Fetching with HTTP::Tiny:
https://cpan.org/modules/03modlist.data.gz
Reading '/root/.cpan/sources/modules/03modlist.data.gz'
DONE
Writing /root/.cpan/Metadata
Running install for module 'Parse::BooleanLogic'
Fetching with HTTP::Tiny:
https://cpan.org/authors/id/B/BP/BPS/Parse-BooleanLogic-0.10.tar.gz
Fetching with HTTP::Tiny:
https://cpan.org/authors/id/B/BP/BPS/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/B/BP/BPS/Parse-BooleanLogic-0.10.tar.gz ok
'YAML' not installed, will not store persistent state
Configuring B/BP/BPS/Parse-BooleanLogic-0.10.tar.gz with Makefile.PL
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Parse::BooleanLogic
Writing MYMETA.yml and MYMETA.json
BPS/Parse-BooleanLogic-0.10.tar.gz
/usr/bin/perl Makefile.PL INSTALLDIRS=site -- OK
Running make for B/BP/BPS/Parse-BooleanLogic-0.10.tar.gz
make[1]: Entering directory '/root/.cpan/build/Parse-BooleanLogic-0.10-0'
cp lib/Parse/BooleanLogic.pm blib/lib/Parse/BooleanLogic.pm
Manifying 1 pod document
make[1]: Leaving directory '/root/.cpan/build/Parse-BooleanLogic-0.10-0'
BPS/Parse-BooleanLogic-0.10.tar.gz
/usr/bin/make -- OK
Running make test for BPS/Parse-BooleanLogic-0.10.tar.gz
make[1]: Entering directory '/root/.cpan/build/Parse-BooleanLogic-0.10-0'
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'inc', 'blib/lib', 'blib/arch')" t/*.t
t/basics.t ........... ok
t/custom_googlish.t .. ok
t/custom_ops.t ....... ok
t/custom_parens.t .... ok
t/filter.t ........... ok
t/fsolve.t ........... ok
t/load.t ............. ok
t/partial_solve.t .... ok
t/quotes.t ........... ok
t/solve.t ............ ok
All tests successful.
Files=10, Tests=214, 1 wallclock secs ( 0.04 usr 0.02 sys + 0.98 cusr 0.11 csys = 1.15 CPU)
Result: PASS
make[1]: Leaving directory '/root/.cpan/build/Parse-BooleanLogic-0.10-0'
BPS/Parse-BooleanLogic-0.10.tar.gz
/usr/bin/make test -- OK
Running make install for BPS/Parse-BooleanLogic-0.10.tar.gz
make[1]: Entering directory '/root/.cpan/build/Parse-BooleanLogic-0.10-0'
Manifying 1 pod document
Installing /usr/local/share/perl/5.38.2/Parse/BooleanLogic.pm
Installing /usr/local/man/man3/Parse::BooleanLogic.3pm
Appending installation info to /usr/local/lib/x86_64-linux-gnu/perl/5.38.2/perllocal.pod
make[1]: Leaving directory '/root/.cpan/build/Parse-BooleanLogic-0.10-0'
BPS/Parse-BooleanLogic-0.10.tar.gz
/usr/bin/make install UNINST=1 -- OK
*** Parse::BooleanLogic successfully installed.
*** Installing Net::Domain::TLD...
Running install for module 'Net::Domain::TLD'
Fetching with HTTP::Tiny:
https://cpan.org/authors/id/A/AL/ALEXP/Net-Domain-TLD-1.75.tar.gz
Fetching with HTTP::Tiny:
https://cpan.org/authors/id/A/AL/ALEXP/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/A/AL/ALEXP/Net-Domain-TLD-1.75.tar.gz ok
Configuring A/AL/ALEXP/Net-Domain-TLD-1.75.tar.gz with Makefile.PL
Checking if your kit is complete...
Looks good
Generating a Unix-style Makefile
Writing Makefile for Net::Domain::TLD
Writing MYMETA.yml and MYMETA.json
ALEXP/Net-Domain-TLD-1.75.tar.gz
/usr/bin/perl Makefile.PL INSTALLDIRS=site -- OK
Running make for A/AL/ALEXP/Net-Domain-TLD-1.75.tar.gz
make[1]: Entering directory '/root/.cpan/build/Net-Domain-TLD-1.75-0'
cp lib/Net/Domain/TLD.pm blib/lib/Net/Domain/TLD.pm
Manifying 1 pod document
make[1]: Leaving directory '/root/.cpan/build/Net-Domain-TLD-1.75-0'
ALEXP/Net-Domain-TLD-1.75.tar.gz
/usr/bin/make -- OK
Running make test for ALEXP/Net-Domain-TLD-1.75.tar.gz
make[1]: Entering directory '/root/.cpan/build/Net-Domain-TLD-1.75-0'
PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01_ini.t .. ok
All tests successful.
Files=1, Tests=1, 0 wallclock secs ( 0.02 usr 0.01 sys + 0.01 cusr 0.00 csys = 0.04 CPU)
Result: PASS
make[1]: Leaving directory '/root/.cpan/build/Net-Domain-TLD-1.75-0'
ALEXP/Net-Domain-TLD-1.75.tar.gz
/usr/bin/make test -- OK
Running make install for ALEXP/Net-Domain-TLD-1.75.tar.gz
make[1]: Entering directory '/root/.cpan/build/Net-Domain-TLD-1.75-0'
Manifying 1 pod document
Installing /usr/local/share/perl/5.38.2/Net/Domain/TLD.pm
Installing /usr/local/man/man3/Net::Domain::TLD.3pm
Appending installation info to /usr/local/lib/x86_64-linux-gnu/perl/5.38.2/perllocal.pod
make[1]: Leaving directory '/root/.cpan/build/Net-Domain-TLD-1.75-0'
ALEXP/Net-Domain-TLD-1.75.tar.gz
/usr/bin/make install UNINST=1 -- OK
*** Net::Domain::TLD successfully installed.
*** Module::AutoInstall installation finished.
cp lib/RT/Action/RTIR_FindCVE.pm blib/lib/RT/Action/RTIR_FindCVE.pm
cp lib/Net/Whois/RIPE/Object.pm blib/lib/Net/Whois/RIPE/Object.pm
cp lib/RT/Action/RTIR_ChangeParentOwnership.pm blib/lib/RT/Action/RTIR_ChangeParentOwnership.pm
cp lib/RT/Action/RTIR_MergeCVEs.pm blib/lib/RT/Action/RTIR_MergeCVEs.pm
cp lib/Net/Whois/RIPE/Object.pod blib/lib/Net/Whois/RIPE/Object.pod
cp lib/RT/Condition/RTIR_StaffResponse.pm blib/lib/RT/Condition/RTIR_StaffResponse.pm
cp lib/RT/Action/RTIR_OpenParent.pm blib/lib/RT/Action/RTIR_OpenParent.pm
cp lib/RT/Action/RTIR_SetDueIncident.pm blib/lib/RT/Action/RTIR_SetDueIncident.pm
cp lib/RT/Action/RTIR_FindIP.pm blib/lib/RT/Action/RTIR_FindIP.pm
cp lib/RT/Action/RTIR_SetCountermeasureStatus.pm blib/lib/RT/Action/RTIR_SetCountermeasureStatus.pm
cp lib/RT/Condition/RTIR_CustomerResponse.pm blib/lib/RT/Condition/RTIR_CustomerResponse.pm
cp lib/Net/Whois/RIPE/Object/Template.pm blib/lib/Net/Whois/RIPE/Object/Template.pm
cp lib/RT/Action/RTIR_ChangeChildOwnership.pm blib/lib/RT/Action/RTIR_ChangeChildOwnership.pm
cp lib/RT/Action/RTIR_Activate.pm blib/lib/RT/Action/RTIR_Activate.pm
cp lib/RT/Action/RTIR_FindDomain.pm blib/lib/RT/Action/RTIR_FindDomain.pm
cp lib/RT/Action/RTIR_ChangeChildConstituencies.pm blib/lib/RT/Action/RTIR_ChangeChildConstituencies.pm
cp lib/RT/IR/Config.pm blib/lib/RT/IR/Config.pm
cp lib/RT/Condition/RTIR_RequireDueChange.pm blib/lib/RT/Condition/RTIR_RequireDueChange.pm
cp lib/Net/Whois/RIPE.pod blib/lib/Net/Whois/RIPE.pod
cp lib/Net/Whois/RIPE/Iterator.pod blib/lib/Net/Whois/RIPE/Iterator.pod
cp lib/RT/Condition/RTIR.pm blib/lib/RT/Condition/RTIR.pm
cp lib/RT/Action/RTIR_SetIncidentResolution.pm blib/lib/RT/Action/RTIR_SetIncidentResolution.pm
cp lib/Net/Whois/RIPE.pm blib/lib/Net/Whois/RIPE.pm
cp lib/RT/Condition/RTIR_RequireReportActivation.pm blib/lib/RT/Condition/RTIR_RequireReportActivation.pm
cp lib/RT/IR.pm blib/lib/RT/IR.pm
cp lib/RT/Action/RTIR_SetHowReported.pm blib/lib/RT/Action/RTIR_SetHowReported.pm
cp lib/RT/Action/RTIR.pm blib/lib/RT/Action/RTIR.pm
cp lib/RT/Condition/RTIR_Merge.pm blib/lib/RT/Condition/RTIR_Merge.pm
cp lib/Net/Whois/RIPE/Iterator.pm blib/lib/Net/Whois/RIPE/Iterator.pm
cp lib/RT/Action/RTIR_ResolveChildren.pm blib/lib/RT/Action/RTIR_ResolveChildren.pm
cp lib/RT/Action/RTIR_MergeDomains.pm blib/lib/RT/Action/RTIR_MergeDomains.pm
cp lib/RT/Condition/RTIR_LinkingToIncident.pm blib/lib/RT/Condition/RTIR_LinkingToIncident.pm
cp lib/RT/Action/RTIR_MergeIPs.pm blib/lib/RT/Action/RTIR_MergeIPs.pm
cp lib/RT/IR/Test.pm.in blib/lib/RT/IR/Test.pm.in
cp lib/RT/IR/Test/Web.pm blib/lib/RT/IR/Test/Web.pm
cp lib/RT/IR/Test.pm blib/lib/RT/IR/Test.pm
cp lib/RT/IR/Web.pm blib/lib/RT/IR/Web.pm
cp lib/RT/IR/ConstituencyManager.pm blib/lib/RT/IR/ConstituencyManager.pm
cp lib/RT/IR/ExternalFeeds.pm blib/lib/RT/IR/ExternalFeeds.pm
cp lib/RT/IR/Test/GnuPG.pm blib/lib/RT/IR/Test/GnuPG.pm
Manifying 29 pod documents
Step 4: Install RTIR
If that successfully completes, proceed to install RTIR module on RT server by running the command below;
sudo make installBelow is a sample command output;
"/usr/bin/perl" "-Iinc" Makefile.PL --config= --installdeps=Parse::BooleanLogic,0,Net::Domain::TLD,0
Cannot determine author info from lib/RT/IR.pm
Cannot determine license info from lib/RT/IR.pm
Using RT configuration from /opt/rt5/lib/RT.pm:
bin => /opt/rt5/local/plugins/RT-IR/bin
etc => /opt/rt5/local/plugins/RT-IR/etc
html => /opt/rt5/local/plugins/RT-IR/html
lib => /opt/rt5/local/plugins/RT-IR/lib
po => /opt/rt5/local/plugins/RT-IR/po
static => /opt/rt5/local/plugins/RT-IR/static
For first-time installation, type 'make initdb'.
To upgrade from a previous version of this extension, use 'make upgrade-database'
Manifying 29 pod documents
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE.pod
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE/Object.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE/Iterator.pod
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE/Iterator.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE/Object.pod
Installing /opt/rt5/local/plugins/RT-IR/lib/Net/Whois/RIPE/Object/Template.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_ResolveChildren.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_SetIncidentResolution.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_ChangeChildOwnership.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_FindIP.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_SetDueIncident.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_SetHowReported.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_ChangeChildConstituencies.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_FindCVE.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_Activate.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_MergeCVEs.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_FindDomain.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_MergeIPs.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_SetCountermeasureStatus.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_ChangeParentOwnership.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_MergeDomains.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Action/RTIR_OpenParent.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR_StaffResponse.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR_RequireReportActivation.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR_Merge.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR_CustomerResponse.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR_RequireDueChange.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/Condition/RTIR_LinkingToIncident.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/Config.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/Web.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/ConstituencyManager.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/Test.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/Test.pm.in
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/ExternalFeeds.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/Test/Web.pm
Installing /opt/rt5/local/plugins/RT-IR/lib/RT/IR/Test/GnuPG.pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_ChangeParentOwnership.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_ChangeChildConstituencies.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR_Merge.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR_LinkingToIncident.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_SetIncidentResolution.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_OpenParent.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_FindDomain.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_MergeCVEs.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_Activate.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_MergeIPs.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR_StaffResponse.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_FindIP.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR_RequireDueChange.3pm
Installing /opt/rt5/local/man/man3/Net::Whois::RIPE::Iterator.3pm
Installing /opt/rt5/local/man/man3/Net::Whois::RIPE.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_SetDueIncident.3pm
Installing /opt/rt5/local/man/man3/RT::IR::Config.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_SetCountermeasureStatus.3pm
Installing /opt/rt5/local/man/man3/Net::Whois::RIPE::Object.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_ResolveChildren.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR_CustomerResponse.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_ChangeChildOwnership.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_SetHowReported.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_FindCVE.3pm
Installing /opt/rt5/local/man/man3/RT::Condition::RTIR_RequireReportActivation.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR_MergeDomains.3pm
Installing /opt/rt5/local/man/man3/RT::IR.3pm
Installing /opt/rt5/local/man/man3/RT::Action::RTIR.3pm
Appending installation info to /opt/rt5/local/man/perllocal.pod
Installing /opt/rt5/local/plugins/RT-IR/bin/add_constituency
Installing /opt/rt5/local/plugins/RT-IR/bin/add_constituency.in
Installing /opt/rt5/local/plugins/RT-IR/etc/initialdata
Installing /opt/rt5/local/plugins/RT-IR/etc/RTIR_Config.pm
Installing /opt/rt5/local/plugins/RT-IR/etc/add_constituency
Installing /opt/rt5/local/plugins/RT-IR/etc/add_constituency.in
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/png/rtir-logo-badge.png
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/png/rtir-logo-badge-shadow.png
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/png/rtir.png
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/png/rtir-logo-badge-3d.png
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/psd/rtir-logo-badge.psd
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/psd/rtir-logo-badge-shadow.psd
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/psd/rtir-logo-badge-3d.psd
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/gif/rtir-logo-badge-3d.gif
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/gif/rtir-logo-badge.gif
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/gif/rtir-logo-badge-shadow.gif
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/gif/rtir.gif
Installing /opt/rt5/local/plugins/RT-IR/etc/logo/svg/rtir.svg
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/rtir-2.4-upgrade.pl
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/process_articles_initialdata
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/rtir-2.4-upgrade.pl.in
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/remove_files
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.0.3/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.1.1/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.1.1/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/5.0.2/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.1.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.3.3/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.3.9/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.0.0rc2/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/5.0.4/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.3.1/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.1.3/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.9.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.3.4/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/4.9.1/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/4.9.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.3.2/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.1.3/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/schema.Informix
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/schema.mysql
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/schema.SQLite
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/schema.Sybase
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/schema.Pg
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/1.9.0/schema.Oracle
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.3.0/backcompat
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.3.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.6.2/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.3.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/3.1.0/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.5.1/update_saved_searches.pl
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.5.1/content
Installing /opt/rt5/local/plugins/RT-IR/etc/upgrade/2.5.1/update_saved_searches.pl.in
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Admin/Queues/DefaultValues.html/Init
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Search/Results.html/Initial
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Search/Build.html/BeforeDisplay
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Search/Elements/PickBasics/Default
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Helpers/TicketHistory/ExtraShowHistoryArguments
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/autohandler/SuccessfulLogin
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Ticket/Display.html/Initial
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Ticket/Create.html/Init
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Ticket/Create.html/Default
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Ticket/Elements/ShowLinkedQueues/MassageTitleBox
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Ticket/Elements/ShowLinkedQueues/MassageQueries
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Elements/ShowSearch/ModifySearch
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Elements/MakeClicky/Default
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Elements/Tabs/Privileged
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Elements/Header/Head
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Elements/RT__Ticket/ColumnMap/Once
Installing /opt/rt5/local/plugins/RT-IR/html/Callbacks/RTIR/Elements/ShowHistoryPage/SkipTransaction
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Crypt.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Display.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Update.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/ShowUser
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Edit.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Advanced.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/CreateInQueue.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Split.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/EditUsername
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Create.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Forward.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Prefs/Home.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Traceroute.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/ScriptedAction.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Lookup.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/ExternalFeeds.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/LookupSummary
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/LookupRelatedTickets
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/ToolFormWhois
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/GetEmailFromIP
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/Tools
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/ToolFormIframe
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/ToolResultsIframe
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/ToolFormTraceroute
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/ToolResultsWhois
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Tools/Elements/SelectWhoisServer
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Report/BulkReject.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Merge/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/c/dhandler
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Reporting/Report.tsv
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Reporting/Report.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Reporting/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Reporting/Report.txt
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Search/Elements/ShowResults
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Investigation/Elements/Create
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Link/ToIncident/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Link/FromIncident/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Display.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/BulkAbandon.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Split.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Create.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Reply/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Children/index.html
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Elements/ReplyForm
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Incident/Elements/Create
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/SelectConstituency
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/MergeWith
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowIncidents
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/EditRTIRField
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowChildren
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/UpdateData
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowPeople
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowDates
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/Header
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/EditCustomFields
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/NobodyDueIncidents
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/EditPeople
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowRTIRField
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/PickRestriction
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/NewReports
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/DueIncidents
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/AttachReports
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/SelectNewTicketQueue
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/CreateInRTIRQueueModal
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/EditPeopleInline
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/UserDueIncidents
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/AddWatchers
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/SelectIncident
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/TransactionData
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowCVEDetails
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/QueueSummary
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/WorkWithConstituency
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/ShowArticles
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/Refresh
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/CreateInRTIRQueue
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/SelectRTIRQueue
Installing /opt/rt5/local/plugins/RT-IR/html/RTIR/Elements/CreateTicketInQueue
Installing /opt/rt5/local/plugins/RT-IR/po/README
Installing /opt/rt5/local/plugins/RT-IR/po/rtir.pot
Installing /opt/rt5/local/plugins/RT-IR/static/images/RTIR/rtir-logo.svg
Installing /opt/rt5/local/plugins/RT-IR/static/images/RTIR/logo.png
Installing /opt/rt5/local/plugins/RT-IR/static/js/jquery.uncheckable-radio-0.1.js
Installing /opt/rt5/local/plugins/RT-IR/static/css/rtir-styles.css
Installing /opt/rt5/local/plugins/RT-IR/static/css/rtir-reporting.css
Step 5: Activate RTIR in RT
Next, configure RT to use RTIR plugin.
Therefore, edit the RT configuration file, /opt/rt5/etc/RT_SiteConfig.pm.
sudo vim /opt/rt5/etc/RT_SiteConfig.pmAnd add the line below;
Plugin('RT::IR');Save and exit the file.
Step 6: Initialize RTIR Database
If you are installing RTIR for the first time on your RT server, you need to initialize the DB to populate the RTIR-specific database schema and data into your existing RT (Request Tracker) instance.
You will need database root user password to be able to proceed.
WARNING: Do not attempt to re-initialize the database if you are upgrading and instead, check the documentation on how to proceed.
make initdbSample command output;
/usr/bin/perl -I. -Ilib -I/opt/rt5/local/lib -I/opt/rt5/lib /opt/rt5/sbin/rt-setup-database --action insert --datadir etc --datafile etc/initialdata --dba root --prompt-for-dba-password --package RT::IR --ext-version 5.0.6
In order to create or update your RT database, this script needs to connect to your mysql instance on localhost (port '3306') as root
Please specify that user's database password below. If the user has no database
password, just press return.
Password:
Working with:
Type: mysql
Host: localhost
Port: 3306
Name: rt5
User: rt_user
DBA: root
Now inserting data.
[9622] [Fri May 16 14:02:02 2025] [info]: Creating 'Response' Article custom field. (/root/RT-IR-5.0.6/etc/initialdata:774)
Done inserting data.
Done.
Step 7: Restart Web Server
Next, restart your web server. We are using Apache2 in our server.
sudo systemctl restart apache2Step 8: Verify RTIR Installation
Refresh the RT web interface and login.
Check for the “RTIR” tab on the dashboard.
and navigate to Admin -> Queues to see RTIR queues (Incident Reports, Incidents, Investigations, Countermeasures).
Post-Installation Configuration
RTIR is basically now installed and integrated with Request Tracker.
Some of the logical steps that you can take from here include but not limited to:
- Using RT’s configuration interface, add the email address of the Network Operations Team (the people who will handle activating and removing network blocks) as AdminCc on the Countermeasures queue. Admin -> Queues -> Countermeasures -> Watchers
- You may want to modify the email messages that are automatically sent on the creation of Investigations and Countermeasures.
Admin -> Queues -> <Select RTIR’s Queue> -> Templates.RT -> Global -> Templates. - By default, RT ships with a number of global Scrips. You should use RT’s configuration interface to look through them, and disable any that aren’t appropriate in your environment.
Admin -> Queues -> <Select RTIR’s Queue> -> Scrips.RT -> Global -> Scrips - Add staff members who handle incidents to the DutyTeam group.
Admin -> Configuration -> Groups -> DutyTeam -> Members. - You can override values defined in RTIR_Config.pm by creating RTIR_SiteConfig.pm in /opt/rt5/etc/ and adding your customizations.
In our next guide, we will delve deeper into RTIR setup.
Conclusion
If RTIR is properly implemented, it will become the central nervous system of your security operations. The installation process/configuration steps requires careful attention to detail, but the resulting capabilities significantly enhance your team’s incident response capabilities.
