Blocks

Przemek_Jaroszewski · March 30, 2004, 11:51am

Hi,

Can anyone explain how do “blocks” work in RTIR? I listed proper people as
watchers of the ‘Blocks’ queue so they can receive all correspondence, but
I have no idea what triggers state changes of tickets in that queue (eg.
active->removed?). Also, should those people be able to login to RTIR or
is it up to me? If so, should they be members of any group in particular?

Cheers,
Przemek
“Delenda est Carthago” /Cato Maior/ .d~^v
Przemyslaw Jaroszewski 8 E R T
CERT Polska, http://www.cert.pl/ `b.a’POLSKA|
przemek@cert.pl; tel.+48 22 5231377; fax.: +48 22 5231399

Gorazd_Bozic · March 31, 2004, 11:16am

Przemek Jaroszewski wrote:

Hi,

Can anyone explain how do “blocks” work in RTIR? I listed proper people as
watchers of the ‘Blocks’ queue so they can receive all correspondence, but
I have no idea what triggers state changes of tickets in that queue (eg.
active->removed?). Also, should those people be able to login to RTIR or
is it up to me? If so, should they be members of any group in particular?

I guess you can create a separate group that can access only tickets in
Blocks queue and then add users to that group.

Since our NOC people would probably pour sugar in my car’s tank if I
suggested to them that they have to learn a new tool and process all the
blocks via RTIR, I decided that I’ll add custom scrips that would
process mail messages in Blocks queue and look for agreed predefined
strings. If certain strings are present, the block changes state.

So far I have implemented only one (to us crucial) transition: from
“pending activation” to “active”, the rest is still done manually. I
have added the following scrip to queue Blocks:

Description: Activate Block

Condition: On Correspond

Custom condition:

Action: User Defined

Custom action preparation code: 1

Custom action cleanup code:

-------------------------------------------------------------------

my $State;
my $cf = RT::CustomField->new($self->TransactionObj->CurrentUser);
$cf->LoadByNameAndQueue(Queue => $self->TicketObj->QueueObj->Id,
Name => ‘_RTIR_State’);
unless ($cf->Id) {
return(1);
}

@content = @{$self->TransactionObj->MIMEObj->body};
if ( (scalar(grep(/^[1]**OK*/, @content)) > 0) &&
($cf->Name eq ‘pending activation’) ) {
$State = ‘active’;
} else {
return 0;
}
$self->TicketObj->AddCustomFieldValue(Field => $cf->id,
Value => $State);
return 1;

-------------------------------------------------------------------

Stage: TransactionCreate

Template: Global template: Blank

In brief: if the NOC replies to the block request with a message that
contains “OK” at the beginning of the line, the state of the block is
changed. This can easily be modified to parse for other responses and
change states as appropriate.

HTH,
Gorazd

Gorazd Bozic gorazd.bozic@arnes.si
ARNES SI-CERT, Jamova 39 p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 88 22, fax: +386 1 479 88 99

^> ↩︎

Przemek_Jaroszewski · April 5, 2004, 7:55am

Przemek Jaroszewski wrote:

I guess you can create a separate group that can access only tickets in
Blocks queue and then add users to that group.

So far I have implemented only one (to us crucial) transition: from
“pending activation” to “active”, the rest is still done manually. I
have added the following scrip to queue Blocks:

Thanks, Gorazd. I’m still interested in the original idea behind this. For
example, I cannot see a way to change the state of a block from RTIR
manually. I’m stuck with a block in an ‘active’ state even though it was
removed a while ago. Yes, I know I could enable ‘hidden’ _RTIR_State field
and modify it from plain RT, but it’s not the solution. Is the only way to
handle this to implement a workaround like yours? Jesse, John, anyone?

Przemek
“Delenda est Carthago” /Cato Maior/ .d~^v
Przemyslaw Jaroszewski 8 E R T
CERT Polska, http://www.cert.pl/ `b.a’POLSKA|
przemek@cert.pl; tel.+48 22 5231377; fax.: +48 22 5231399

Rodney_Tillotson · April 5, 2004, 11:27am

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 05/04/2004 09:55 +0200, Przemek Jaroszewski wrote:

… I cannot see a way to change the state of a block from RTIR
manually. I’m stuck with a block in an ‘active’ state even though
it was removed a while ago.

I am an unskilled but resourceful user.
When I came across this I fixed it by sending in the required
acknowledgment myself!

You might have to forge the source of the message, or adjust the
correspondents for the block ticket first, but this is a way to make
RTIR change its own state.

It’s true that the facility hasn’t turned out quite as we thought
it would; but we don’t use it often, so we have not yet come up with
a better design.

Rodney Tillotson, JANET-CERT
+44 1235 822 255.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com

iQA/AwUBQHE9H8xy/J7PAuvpEQLk/gCff77LClwitDuzu8EF4YXb2TwNv7IAn1+v
8kpGDJdnAr5mNcPeEHf/7LmW
=+D1g
-----END PGP SIGNATURE-----

Tony_Arnold · June 23, 2005, 3:33pm

I’ve been trying to use the blocks feature in RTIR. Requesting a block
and activating a block seems to work quite well. I’ve configured things
so that block requests get sent to a group of people responsible for our
firewall. A reply from one of them automatically sets the block to
activated which is just what I want.

However, requesting the removal of a block is not so smooth. The request
for removal goes off to the same list as a block request, however, a
reply to this message sets the block to activated again when I really
want it to set it to removed.

I can’t seem to find where this logic is implemented. It doesn’t appear
to be in a scrip, unless I’m missing something.

Perhaps this is fixed in a later release? I’m currently running RT
3.0.12 with RTIR 1.0.5

MTIA

Regards,
Tony.
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold@manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold

Rodney_Tillotson · June 23, 2005, 4:55pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tony Arnold wrote:

I’ve been trying to use the blocks feature in RTIR. Requesting a
block and activating a block seems to work quite well. I’ve
configured things so that block requests get sent to a group of
people responsible for our firewall. A reply from one of them
automatically sets the block to activated which is just what I
want.

However, requesting the removal of a block is not so smooth. The
request for removal goes off to the same list as a block request,
however, a reply to this message sets the block to activated again
when I really want it to set it to removed.

I can’t even see how to reach the ‘removed’ state manually. My
workaround is to resolve the enclosing Incident and then re-open any
other child tickets that I still want to work with.

I’ve no idea where it is implemented.

Rodney Tillotson, JANET-CERT
+44 1235 822 255.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com

iQA/AwUBQrrpX8xy/J7PAuvpEQJ9qwCg8EaWwQTF1kwXO+yCR/tdu5bn2AQAniNI
gISpWO3dP25CmrFVPoWjC3w+
=Y5FO
-----END PGP SIGNATURE-----

Gorazd_Bozic · July 28, 2005, 8:11am

Rodney Tillotson wrote:

I can’t even see how to reach the ‘removed’ state manually. My
workaround is to resolve the enclosing Incident and then re-open any
other child tickets that I still want to work with.

I’ve no idea where it is implemented.

We have a Scrip in a Block Queue, which is called “Activate or Remove
Block” (I’ve posted something similar to the list in Mar 2004). The
problem is that for some reason it works only for block activation.
Here’s the code:

Description: Activate or Remove Block
Condition: On Correspond
Custom Condition:
Action: User Defined
Custom action preparation code: 1
Custom action cleanup code:

-------------------------------------------------------------------

my $State;
my $cf = RT::CustomField->new($self->TransactionObj->CurrentUser);
$cf->LoadByNameAndQueue(Queue => $self->TicketObj->QueueObj->Id,
Name => ‘_RTIR_State’);
unless ($cf->Id) {
return(1);
}

my @content = @{$self->TransactionObj->MIMEObj->body};
if (scalar(grep(/^[1]**OK*/, @content)) > 0) {
if ($cf->Name eq ‘pending activation’) { $State = ‘active’; }
elsif ($cf->Name eq ‘pending removal’) { $State = ‘removed’; }
else { return 0; }
} else {
return 0;
}
$self->TicketObj->AddCustomFieldValue(Field => $cf->id,
Value => $State);
if ($State eq ‘removed’) { $self->TicketObj->Resolve(); }
return 1;

-------------------------------------------------------------------

Stage: Transaction Create
Template: Global Template: Blank

When we get a reply with a string “OK”, state “pending activation”
changes to “active”, while transition from “pending removal” to
“removed” doesn’t work for some reason. My guess is that since these
states are actually derived from generic states in SetRTIRState scrip:

if ($self->TicketObj->Status eq ‘new’) {
$State = ‘pending activation’;
} elsif (($self->TicketObj->Status eq ‘open’) &&
($cf->Name ne ‘pending removal’)) {
$State = ‘active’;
} elsif ($self->TicketObj->Status eq ‘stalled’) {
$State = ‘pending removal’;
} elsif ($self->TicketObj->Status eq ‘resolved’) {
$State = ‘removed’;
} else {
return 0;
}

a correspondence causes the ticket to go from “stalled” (=“pending
removal”) to “open” (=“active”), before our scrip “Activate or Remove
Block” kicks in. Amongst the scrips that apply to all queues is one
called “On Correspond Open Tickets with template Blank”.

I guess what is needed is to modify this global scrip and add a custom
condition that checks whether the ticket’s queue is “Blocks” and return
0, else 1… I’ll try that and report back on the list.

Regards,
Gorazd

Gorazd Bozic gorazd.bozic@arnes.si
ARNES SI-CERT, Jamova 39 p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 88 22, fax: +386 1 479 88 99

^> ↩︎