If rwhod is not required on AIX, the rwhod daemon must be disabled.
Overview
| Finding ID |
Version |
Rule ID |
IA Controls |
Severity |
| V-215362 |
AIX7-00-003056 |
SV-215362r958478_rule |
|
Medium |
| Description |
| This is the remote WHO service.
To prevent remote attacks this daemon should not be enabled unless there is no alternative. |
Details
| Check Text (C-16560r294537_chk) |
From the command prompt, execute the following command:
# grep "^start[[:blank:]]/usr/sbin/rwhod" /etc/rc.tcpip
If there is any output from the command, this is a finding. |
| Fix Text (F-16558r294538_fix) |
In "/etc/rc.tcpip", comment out the "rwhod" entry by running command:
# chrctcp -d rwhod |