4.1.2.13 rwhod

Information

This entry starts the rwhod daemon on system startup. This is the remote WHO service.

Rationale:

The rwhod daemon is the remote WHO service, which collects and broadcasts status information to peer servers on the same network. It is recommended that this daemon is disabled, unless it is required.

Solution

On AIX 7.1 and earlier comment out the rwhod entry in /etc/rc.tcpip and ensure service is stopped:

chrctcp -d rwhod
stopsrc -s rwhod

On AIX 7.2 and later remove the software:

installp -u bos.net.tcp.rcmd_server

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/benchmarks/7851