Changing Blocks state on correspond

On much older versions of RTIR the state of blocks would get updated
based on correspondence. Thus I would create a block, this would notify
the firewall team and set the state to Pending Activation. When the
firewall team reply, the state would get set to Activated. Similarly for
block removal.

This doesn’t seem to happen any more. How can I write a scrip that will
do this?

Regards,
Tony.
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 705 344 3082
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold@manchester.ac.uk


This should still work. There is an option in RTIR config to control
this functionality with regexp. Which version do you test?


Best regards, Ruslan.

On 24/01/13 15:30, Ruslan Zakirov wrote:

> This should still work. There is an option in RTIR config to
> control this functionality with regexp. Which version do you test?

Here is the part of the config that you are looking for I think:

# When requestor replies on the block in pending state RTIR
# changes state, you can set regular expression so state would
# be changed only when it matches
Set($RTIR_BlockAproveActionRegexp, undef);

eg:

Set($RTIR_BlockAproveActionRegexp, 'firewallteam@noc\.isp\.com');

It is not clear if this changes the block state:
a) sending an email to place a block
b) sending an email to remove a block
c) both.


Jamie Mcloughlin +44 1235 822 383 PGP: FF7746C1
JANET CSIRT 0870 850 2340 (+44 1235 822 340)
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG

> This should still work. There is an option in RTIR config to control
> this functionality with regexp. Which version do you test?

I’m on 2.6.1.

Regards,
Tony.

On 24/01/13 16:00, James Mcloughlin wrote:

> Here is the part of the config that you are looking for I think:
>
> # When requestor replies on the block in pending state RTIR
> # changes state, you can set regular expression so state would
> # be changed only when it matches
> Set($RTIR_BlockAproveActionRegexp, undef);
>
> eg:
>
> Set($RTIR_BlockAproveActionRegexp, 'firewallteam@noc\.isp\.com');
>
> It is not clear if this changes the block state: a) sending an
> email to place a block b) sending an email to remove a block c)
> both.

Thanks. And I assume that if left undef, no state change takes place
at all?

I’ll try it out.

Regards,
Tony.



> Thanks. And I assume that if left undef, no state change takes place
> at all?

No. If left undef then state should change without additional checks.
If it doesn’t work then you need to investigate more.

Best regards, Ruslan.

> No. If left undef then state should change without additional checks.
> If it doesn’t work then you need to investigate more.

Thanks. Does the From field in the reply also have to match one of the
Requestors of the ticket for the state change to take place?

Regards,
Tony.

Ruslan,

On 24/01/13 17:12, Ruslan Zakirov wrote:

>> Thanks. Does the From field in the reply also have to match one of the
>> Requestors of the ticket for the state change to take place?
>
> Yes. It’s not always From (Reply-To and other fields can take over
> From). It’s more correct to say that Creator of the transaction should
> be a requestor.

That could explain why it’s not been working before. Many thanks.

As a follow on, can I specify a group name in the Correspondents field
when creating a ticket?

For blocks I need to send the request to several people. If I send it to
an external mailing list, the reply will come back from an individual,
so the transaction Creator won’t match the Requestor.

I’d like to avoid typing a list of e-mail addresses every time we create
a block!

Regards,
Tony.

> As a follow on, can I specify a group name in the Correspondents field
> when creating a ticket?

Sadly it’s not available in UI of RTIR or RT. Only later in RT from
People page, don’t recall if RTIR can do it or not.

Best regards, Ruslan.
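
The conditions discussed in this thread (block in a pending state, transaction creator is a requestor, optional regexp), modelled as a stand-alone Perl script. This is an added example, not RTIR's code and not written by any poster; it includes the case where a request goes to a list address and an individual replies. Assumptions: the function name, the `Pending Removal`/`Removed` state names, the placeholder addresses, and that a configured regexp is tested against the reply body.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Illustrative model of the rules described in this thread; not RTIR source.
# 'Pending Removal' and 'Removed' are assumed state names.
my %NEXT_STATE = (
    'Pending Activation' => 'Activated',
    'Pending Removal'    => 'Removed',
);

# Returns (resulting state, reason).
sub next_block_state {
    my (%arg) = @_;
    my $next = $NEXT_STATE{ $arg{state} }
        or return ( $arg{state}, 'block is not in a pending state' );

    # The transaction creator, not the literal From header, must be a requestor.
    my %is_requestor = map { lc($_) => 1 } @{ $arg{requestors} };
    return ( $arg{state}, "creator $arg{creator} is not a requestor" )
        unless $is_requestor{ lc $arg{creator} };

    # undef regexp: no additional check. Assumption: a configured regexp
    # is tested against the body of the reply.
    return ( $arg{state}, 'reply does not match the configured regexp' )
        if defined $arg{regexp} && $arg{body} !~ $arg{regexp};

    return ( $next, 'state changed' );
}

# Constructed sample replies (addresses are placeholders).
my $re      = qr/\bblock (?:applied|removed)\b/i;
my @replies = (
    { creator => 'fw-team@example.net', body => 'Done.',         regexp => undef },
    { creator => 'alice@example.net',   body => 'Done.',         regexp => undef },
    { creator => 'fw-team@example.net', body => 'Out of office', regexp => $re },
    { creator => 'fw-team@example.net', body => 'Block applied', regexp => $re },
);

for my $r (@replies) {
    my ( $state, $why ) = next_block_state(
        state      => 'Pending Activation',
        requestors => ['fw-team@example.net'],
        %$r,
    );
    printf "%-20s %-15s -> %-18s (%s)\n",
        $r->{creator}, qq{"$r->{body}"}, $state, $why;
}
```

The second row is the mailing-list case from the thread: the reply's creator is an individual rather than the list address recorded as requestor, so the block stays in `Pending Activation`.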