SGI: Security

IRIX security

It's common knowledge that IRIX isn't exactly the most secure OS on the planet, but when nekonoko was running nekochan.net on his O350s, were there any break-in attempts? Just for curiosity's sake.

_________________
Originally Posted by Tommie
Please delete your post. It is an insult to all the hard work society has put into making you an intelligent being.

Like somebody at AMD said about a decade ago: Benchmarking is like sex. Everybody brags about it, everybody loves doing it and nobody can agree on performance.

No, not that I'm aware of. As long as you limit which ports/services are exposed and keep your open source components up to date (Apache, PHP, MySQL etc.) it's no worse than any other OS.

_________________
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

You can also keep an eye out for the advisories on other vanilla-esque SysV Unices. The good thing about IRIX is that as an open system you can swap in many of the services from an xBSD or GNU system if something comes up. AFAIK there haven't been any core compromises in a while (kernel errors, libc errors, etc.)

_________________
Damn the torpedoes, full speed ahead!

Systems available for remote access on request.

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)

Well, honestly who is actively looking for IRIX vulnerabilities? And why would they even bother?

_________________
My computers including Alphas, MIPS, PA-RISCs, VAX, and SPARCs.

mattst88 wrote:
Well, honestly who is actively looking for IRIX vulnerabilities? And why would they even bother?

All you need is one open door, and if compromising a vulnerable IRIX box gets you through that door onto a local net, then it may well be game over. The IRIX box is not necessarily the target, but the vector, and in an age when botnets control CPU power and bandwidth that were once the sole province of governments with supercomputers, adding a probe for a set of IRIX vulnerabilities does not have to be a costly proposition.
On the one hand, botnets are a game of scale and volume so at least the operators thereof will be more interested in Windows, Linux variants, and maybe OS X. On the other hand, people concerned with penetrating new and interesting sites will use whatever gets them in the door. In that case targeting more *NIX variants may well be worthwhile, in which case it isn't so much a question of developing new IRIX exploits as keeping old exploits and rootkits on hand. With good OS fingerprinting you can even make sure you're only trying those methods when dealing with that variant.

And yes, if they're renting botnets or have similar resources, they can afford to twist a lot of doorknobs in a lot of different ways. But when you start assuming specific targeting by a party with serious resources, you may be into a different conversation than where the OP started...

_________________
Then? :IRIS3130: ... Now? :O3x02L: :1600SW: +MLA :Fuel: :Octane2: :Octane: :Indigo2IMP: ... Other: DEC :BA213: :BA123: Sun, DG AViiON, NeXT :Cube:

ritchan wrote:
It's common knowledge that IRIX isn't exactly the most secure OS on the planet, but when nekonoko was running nekochan.net on his O350s, were there any break-in attempts? Just for curiosity's sake.


There is "Trusted IRIX (TIRIX)" for those who need it, id est governments, educational institutions, banks etc... It's more or less an open secret that it exists and is audited.

_________________
SGI Systems: R4K :Indigo: /256MB/XS-24, R5K 150MHz :Indy: /160MB/XL-24, R10K 175MHz :O2: /640MB, R12K 400MHz :Octane2: /Vpro6/1GB & R4K 250 MHz :Indigo2IMP: /128 MB/XZ Extreme/GIO64 FDDI

"It's a UNIX system! I know this!"

Nihilus wrote:
There is "Trusted IRIX (TIRIX)" for those who need it, id est governments, educational institutions, banks etc... It's more or less an open secret that it exists and is audited.

I don't think there was any secret involved, there are press releases and white papers about it achieving B1/LSPP certification.

Keep in mind that while I'm sure they still support it for paying customers, Trusted IRIX is likely at most in maintenance mode. The Trusted IRIX Security Admin Guide was last updated in 2003, from what I can find. Still, it might help and could be educational to play with anyway if you can find a copy.

smj wrote:
Nihilus wrote:
There is "Trusted IRIX (TIRIX)" for those who need it, id est governments, educational institutions, banks etc... It's more or less an open secret that it exists and is audited.

I don't think there was any secret involved, there are press releases and white papers about it achieving B1/LSPP certification.

Keep in mind that while I'm sure they still support it for paying customers, Trusted IRIX is likely at most in maintenance mode. The Trusted IRIX Security Admin Guide was last updated in 2003, from what I can find. Still, it might help and could be educational to play with anyway if you can find a copy.


At this point any IRIX is pretty much in maintenance mode, at least de facto maintenance.

For most people you probably aren't going to get too much out of TIRIX that you don't get out of regular IRIX with all the security patches (and a good security setup).
