If rwhod is not required on AIX, the rwhod daemon must be disabled.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215362 | SRG-OS-000095-GPOS-00049 | AIX7-00-003056 | SV-215362r958478_rule | 2026-02-06 | 3 |
Description
This is the remote WHO service.
To prevent remote attacks this daemon should not be enabled unless there is no alternative.
ℹ️ Check
From the command prompt, execute the following command:
# grep "^start[[:blank:]]/usr/sbin/rwhod" /etc/rc.tcpip
If there is any output from the command, this is a finding.
✔️ Fix
In "/etc/rc.tcpip", comment out the "rwhod" entry by running command:
# chrctcp -d rwhod