4.1.2.13 rwhod

Information

This entry starts the rwhod daemon on system startup. This is the remote WHO service.

Rationale:

The rwhod daemon is the remote WHO service, which collects and broadcasts status information to peer servers on the same network. It is recommended that this daemon is disabled, unless it is required.

Solution

On AIX 7.1 and earlier comment out the rwhod entry in /etc/rc.tcpip and ensure service is stopped:

chrctcp -d rwhod
stopsrc -s rwhod

On AIX 7.2 and later remove the software:

installp -u bos.net.tcp.rcmd_server

Default Value:

Disabled

Additional Information:

Besides removing the rwhod command (and others that should be removed) there are two commands related to configuring authentication setting - standard or Kerberos. If your authentication policy specifies Kerberos as the preferred authentication mechanism - you should skip removing this fileset on AIX 7.2 and later.

If you are not using Kerberos it is safe to uninstall.

lslpp -f bos.net.tcp.rcmd_server

Fileset File

----------------------------------------------------------------------------

Path: /usr/lib/objrepos

bos.net.tcp.rcmd_server 7.2.4.0

/usr/bin/rdistd -> /usr/sbin/rdistd

/usr/sbin/krshd

/usr/sbin/krlogind

/usr/sbin/rshd

/usr/sbin/fingerd

/usr/sbin/rwhod

/usr/bin/lsauthent ## might be needed

/usr/sbin/rlogind

/usr/sbin/rexecd

/usr/samples/tcpip/rhosts

/usr/bin/chauthent ## might be needed

/usr/sbin/talkd

/usr/sbin/rdistd

Path: /etc/objrepos

bos.net.tcp.rcmd_server 7.2.4.0

/etc/hosts.equiv

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 3c693a9f9cfa112390f711841fda63f749c5cd5eb2b991b081affaed7d87ed2a