In the wake of the CircleCI breach, we have been reviewing policies and updating keys and tokens used in our automation for anything that could potentially be affected. While we have no evidence of any of specific credentials being leaked, we've needed to document procedures for rotating keys anyway, so now was the perfect time to [...]
Monitoring processes that don't provide network services is a default use case in network monitoring. Because they aren't providing network services, black box testing won't work- you need an agent on your system providing an inside view of your operating system. The Net-SNMP agent is easy to install and configure on Linux or Unix. It's compatible [...]
October’s Cybersecurity Awareness Month seems like a great time to discuss the improvements we are making at The OpenNMS Group to improve our security practices. For almost 20 years, OpenNMS staff developers and the open source contributor community have partnered to create robust and secure network monitoring platforms available in community-driven (Horizon) and enterprise-ready (Meridian) distributions.. [...]
Hacktoberfest is an annual, month-long celebration of open source software driven by Digital Ocean. During this event everyone can support open source by contributing changes, and earn some limited-edition swag. We would like to invite you to participate and contribute to the OpenNMS project. There are many ways to contribute: you can work on code or [...]
The security team at The OpenNMS Group has partnered with MITRE to become a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA). Through the CVE program, MITRE ensures that application vulnerabilities are uniquely identified and accurately reported. As a numbering authority, The OpenNMS Group security team will assign numbers to vulnerabilities and exposures identified within our [...]
We invited OpenNMS employees to share their own experiences in ICT as women, non-binary, those identifying as female, or allies. Read their stories. International Girls in ICT Day celebrates the importance of girls and women in the information and communications technology sector. Since 2001, the International Telecommunication Union (ITU), a United Nations agency, has sponsored [...]
OpenNMS and the Spring Core Remote Code Execution Vulnerability (SpringShell) CVE-2022-22965A serious remote code execution (RCE) vulnerability exists in some versions of the Spring Framework, which is used by OpenNMS Meridian and Horizon. OpenNMS Meridian and Horizon are not known to be vulnerable because the published exploit for this RCE requires: All Attributes Required for [...]
Serious remote code execution (RCE) and denial of service (DOS) vulnerabilities in Apache Log4j could affect customers running some OpenNMS products. These vulnerabilities could allow an attacker to shut down or compromise your system by causing OpenNMS to log specially crafted messages into system log files for malicious purposes. Apache Log4j could interpret one of those [...]
There will be just one Hacktoberfest 2021 and it is coming soon! The OpenNMS community will participate and we are looking for contributors who want to join us in October. Hacktoberfest is an annual, month-long celebration of open source software driven by Digital Ocean. During this event everyone can support open source by contributing changes, [...]
Submitting issues, fixing bugs, contributing features, enhancements, and extensions, writing documentation, or reporting security issues are all valuable ways that our community helps make OpenNMS a better monitoring platform. OpenNMS uses Jira to manage issue tracking and development. Once you have a Jira account and have signed the OpenNMS Contribution Agreement (OCA), you can start [...]
