The rwhod daemon is a process that allows a remote user to see who is logged into your system. The client program is rwho. It has many of the same security problems as the finger daemon. For a cracker, use of rwho could allow him to watch for times when nobody is logged in to your system and begin his attacks then. It also allows him to find out the user names of accounts on your system and target them as possible attack points.
Luckily, most Linux distributions recognize this vulnerability and, although they include rwhod, many have stopped installing it by default. To verify that it is not running on your system, run the following command:
ps axlww | grep rwho
If any process other than grep itself shows up, you should disable it. On Red Hat and similar distributions, the command to remove rwhod from your system is:
rpm -e rwho
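
The check above can be scripted so that the grep process never counts as a hit. The following is an added example, not part of the original text: the function names and sample data are constructed for illustration, and the second function assumes rwhod is bound to its default UDP port 513 and that the ss utility is available for live use.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data below is constructed.

# Read `ps axlww` output on stdin and print only real rwhod processes
# (rwhod or in.rwhod, with or without a path), so the grep used to
# search for it can never show up as a false hit.
rwhod_procs() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "COMMAND") col = i; next }
        col {
            n = split($col, parts, "/")   # drop any directory prefix
            if (parts[n] ~ /^(in\.)?rwhod$/) print
        }'
}

# Read `ss -uln` output on stdin and print sockets bound to UDP port 513
# (assumption: rwhod is using its default port).
udp513_listeners() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /:513$/) { print; next } }'
}

# Constructed sample of `ps axlww` output.
SAMPLE_PS='F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0     1     0  20   0   2456   640 -      Ss   ?          0:01 init [3]
5     0   812     1  20   0   1832   512 -      Ss   ?          0:00 /usr/sbin/rwhod
0   500  2301  2290  20   0   1620   480 pipe_w S+   pts/0      0:00 grep rwho'

# Constructed sample of `ss -uln` output.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0            0.0.0.0:513       0.0.0.0:*
UNCONN 0      0            0.0.0.0:68        0.0.0.0:*'

# Demo on the constructed samples: prints the rwhod line and the :513 socket.
printf '%s\n' "$SAMPLE_PS" | rwhod_procs
printf '%s\n' "$SAMPLE_SS" | udp513_listeners

# Live use on a real host:
#   ps axlww | rwhod_procs
#   ss -uln  | udp513_listeners
```

Empty output from both live commands means no rwhod process is running and nothing is listening on UDP 513.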