Security update: Mandatory GPG key rotation for Meridian and Horizon

In the wake of the CircleCI breach, we have been reviewing policies and updating keys and tokens used in our automation for anything that could potentially be affected. While we have no evidence of any of specific credentials being leaked, we've needed to document procedures for rotating keys anyway, so now was the perfect time to [...]

By |2023-03-13T15:33:33+00:00February 13th, 2023|

How to Monitor Processes With SNMP

Monitoring processes that don't provide network services is a default use case in network monitoring. Because they aren't providing network services, black box testing won't work- you need an agent on your system providing an inside view of your operating system. The Net-SNMP agent is easy to install and configure on Linux or Unix. It's compatible [...]

By |2023-03-13T15:32:27+00:00January 12th, 2023|

2022 Cybersecurity Awareness Month

October’s Cybersecurity Awareness Month seems like a great time to discuss the improvements we are making at The OpenNMS Group to improve our security practices. For almost 20 years, OpenNMS staff developers and the open source contributor community have partnered to create robust and secure network monitoring platforms available in community-driven (Horizon) and enterprise-ready (Meridian) distributions.. [...]

By |2023-02-13T21:35:27+00:00October 27th, 2022|

Celebrate Open Source during Hacktoberfest 2022

Hacktoberfest is an annual, month-long celebration of open source software driven by Digital Ocean. During this event everyone can support open source by contributing changes, and earn some limited-edition swag. We would like to invite you to participate and contribute to the OpenNMS project. There are many ways to contribute: you can work on code or [...]

By |2023-03-09T15:37:42+00:00October 17th, 2022|

OpenNMS is now a CNA!

The security team at The OpenNMS Group has partnered with MITRE to become a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA). Through the CVE program, MITRE ensures that application vulnerabilities are uniquely identified and accurately reported. As a numbering authority, The OpenNMS Group security team will assign numbers to vulnerabilities and exposures identified within our [...]

By |2023-02-13T21:35:36+00:00August 30th, 2022|

International Girls in ICT Day 2022: Access and Safety

We invited OpenNMS employees to share their own experiences in ICT as women, non-binary, those identifying as female, or allies. Read their stories. International Girls in ICT Day celebrates the importance of girls and women in the information and communications technology sector. Since 2001, the International Telecommunication Union (ITU), a United Nations agency, has sponsored [...]

By |2023-01-11T17:07:45+00:00April 28th, 2022|

OpenNMS + SpringShell CVE-2022-22965

OpenNMS and the Spring Core Remote Code Execution Vulnerability (SpringShell) CVE-2022-22965A serious remote code execution (RCE) vulnerability exists in some versions of the Spring Framework, which is used by OpenNMS Meridian and Horizon. OpenNMS Meridian and Horizon are not known to be vulnerable because the published exploit for this RCE requires: All Attributes Required for [...]

By |2023-02-13T21:37:31+00:00April 1st, 2022|

OpenNMS Products Affected by Apache Log4j Vulnerability CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 (updated Dec. 20, 2021)

Serious remote code execution (RCE) and denial of service (DOS) vulnerabilities in Apache Log4j could affect customers running some OpenNMS products. These vulnerabilities could allow an attacker to shut down or compromise your system by causing OpenNMS to log specially crafted messages into system log files for malicious purposes. Apache Log4j could interpret one of those [...]

By |2023-03-13T15:38:13+00:00December 10th, 2021|

OpenNMS joins Hacktoberfest 2021

There will be just one Hacktoberfest 2021 and it is coming soon! The OpenNMS community will participate and we are looking for contributors who want to join us in October. Hacktoberfest is an annual, month-long celebration of open source software driven by Digital Ocean. During this event everyone can support open source by contributing changes, [...]

By |2021-09-23T19:16:54+00:00September 23rd, 2021|

How to: Contribute to OpenNMS

Submitting issues, fixing bugs, contributing features, enhancements, and extensions, writing documentation, or reporting security issues are all valuable ways that our community helps make OpenNMS a better monitoring platform. OpenNMS uses Jira to manage issue tracking and development. Once you have a Jira account and have signed the OpenNMS Contribution Agreement (OCA), you can start [...]

By |2021-09-02T18:51:35+00:00September 2nd, 2021|
Go to Top