Some questions, some comments

First off, my hat off to Jesse (& Co) for working and providing
RT/RTIR/RTFM. That takes some doing.

My comments and question are not based on problems that I experience, as
I have managed to get all components installed and running, as they
should be. (Or at least I believe they should be… :slight_smile:

RTIR is installed as a “local” add-on. Why was this done, and is there
any plans to add it into the actual RT tree? The problem with the local
tree is that I end up having to edit the installed files, rather than
the local copies of it. Not a train-smash, just a thought…

I have been looking at RT in general for an Abuse queue. However, there
are some serious implications… Using RTIR has some issues as well.

I.E. I would like to take an abuse complaint, and have a link, with
which I can launch an investigation, which automatically creates the new
ticket, links the old one, and copies the text of the old one into the
Content field, to be edited, so that we effectively have “attached” the
complaint that gets sent to our client for actioning.
If the client does not get the original message, they claim that there
was no complaint…

One big catch in this whole scenario is that we are legally not allowed
to disclose our client’s info to a complainant, unless required to do so
by a court of law, so the complainant should never see the contact email
and conversation between ourselves and the client, unless our client
chooses to disclose this.

I therefore have considered, to run an incoming queue, and an "outgoing"
queue, where we generate tickets in our clients’ name, and any
conversation will be delegated to that ticket only. The original
complaint is then marked as being dependant on this "conversation"
ticket.

In order to try and streamline this, I am playing with the old
Stock-Answers. Yes, I know everybody says that RTFM does the job, but I
disagree with that. Our website is not visible from outside, so linking
RTFM articles with a URL to it, is useless, as they cannot see it.
Unless my RTFM doesn’t work the way it’s supposed to…
Therefore, I managed to get StockAnswers to work on RT3.0.6, and was
wondering what the general feel is towards using something similar in
RTIR, to have stock-“fill-in”-templates, to send to the client that is
being complained about…

We do not use the Tools section of RTIR, as we have IP allocations of
our own, and we do not have much need for traceroute or global whois
lookups. Our setup is of such nature that we receive complaints about
our clients, but we do not receive complaints from our clients, about
outside abuse, as we do not have the manpower to actually man such an
abuse setup.
I would therefore possibly like to run a local whois server, with
contact details for our specific needs.
Has anyone got any experience in setting up a whois server with local
content, and if so, where do I start looking for source and docs etc.?

System:
FreeBSD 4.8 Stable
Apache 1.3.27
Mod Perl 1.27
Perl 5.8.0
RT 3.0.6
RTIR 1.0.0
RTFM 2.0.0

Regards, J�rn Hass
Senior Systems Engineer, Infrastructure.
Internet Solutions
Tel: +27 (11) 575 1000
Fax: +27 (11) 388 3362
E-mail: jorn.hass@is.co.za
WWW: http://www.is.co.za

Please note: This email and its content are subject to the disclaimer as displayed at the following link http://www.is.co.za/disc.asp. Should you not have Web access, send a mail to disclaimers@is.co.za and a copy will be emailed to you.

Hi,

Jorn Hass wrote:

I would therefore possibly like to run a local whois server, with
contact details for our specific needs.
Has anyone got any experience in setting up a whois server with local
content, and if so, where do I start looking for source and docs etc.?

easy to do, you just need to have a script take the incoming IP address
and look it up in a database, then print the corresponding output. I
have added the inetd.conf line and extracts of our local tool.
Use at your own risk, no warranty or support.

/etc/inet/inetd.conf
whois stream tcp nowait nobody /home/whois/subnet-query
subnet-query

/home/whois/subnet-query
#!/bin/perl -Tw

use strict;

my $fn=“/home/whois/subnets”;# Site

this is a TAB sepoerated list with:

Date

Start

End ← inserted by this program, not part of original list!

Netmask

site contact

…further fields…

my @line;
my @start;
my @end;
…some more variable…

open(SUBNETS, “< $fn”) or die “Cannot open $fn: $!”;
while()
{
chomp;
@line = split(/\t/, $_);
@start = ();
@end = ();
push( @{ $subnet{$line[2]} }, @line );
@start = ($1, $2, $3, $4) if($line[2] =~
/^([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5])$/);
@end = ($1, $2, $3, $4) if($line[3] =~
/^([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5])$/);
if( ($#start == 3) && ($#end == 3) )
{
for ($i=0; $i<4; $i++)
{
$end[$i] = ( $start[$i] | ( 255 ^ $end[$i] ) );
}
splice( @{ $subnet{$line[2]} }, 3, 0,
“$end[0].$end[1].$end[2].$end[3]” );
}
}
close(SUBNETS) or die “Cannot close $fn: $!”;

$_=;
{
chomp;
@ip = ();
@ip = ($1, $2, $3, $4)
if(/\b([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5])\b/);
next unless($#ip == 3);

            foreach (keys %subnet)
             {
                     @line = @{ $subnet{$_} };
                     @start = ($1, $2, $3, $4) if($line[2] =~ 

/^([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5])$/);
@end = ($1, $2, $3, $4) if($line[3] =~
/^([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5]).([01]?\d\d?|2[0-4]\d|25[0-5])$/);
next if($start[0] > $ip[0]);
next if($end[0] < $ip[0]);
next if($start[1] > $ip[1]);
next if($end[1] < $ip[1]);
next if($start[2] > $ip[2]);
next if($end[2] < $ip[2]);
next if($start[3] > $ip[3]);
next if($end[3] < $ip[3]);

                     found();
             }

}

“sub found” is actually printing (to STDOUT) the information for the
match, but it does a lot more (like cross-correlating information from
LDAP server) to repeat here. I guess I can leave the rest as an exercise.

Best regards,

Ruediger Riediger

Dr. Ruediger Riediger Sun Microsystems GmbH
NSG - SunCERT Komturstr. 18a
mailto:Ruediger.Riediger@Sun.com D-12099 Berlin
NOTICE: This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
PGP 2048RSA/0x2C5020E9 964C E189 0FF0 8882 2BAB 65E2 6912 1FF2

RTIR is installed as a “local” add-on. Why was this done, and is there
any plans to add it into the actual RT tree? The problem with the local
tree is that I end up having to edit the installed files, rather than
the local copies of it. Not a train-smash, just a thought…

That’s historical and will be fixed.

In order to try and streamline this, I am playing with the old
Stock-Answers. Yes, I know everybody says that RTFM does the job, but I
disagree with that. Our website is not visible from outside, so linking
RTFM articles with a URL to it, is useless, as they cannot see it.
Unless my RTFM doesn’t work the way it’s supposed to…

Er, your RTFM isn’t doing what it’s supposed to. One of the key features
of RTFM is that it allows you to include the content of articles into
ticket replies. It’s a functional superset of the old stockanswers
functionality.

I would therefore possibly like to run a local whois server, with
contact details for our specific needs.
Has anyone got any experience in setting up a whois server with local
content, and if so, where do I start looking for source and docs etc.?

We have customers doing just this. IIRC, they’re using the RIPE whois
server.

Request Tracker — Best Practical Solutions – Trouble Ticketing. Free.