The rwhod daemon is a process that allows a remote user to see who is logged into your system. The client program is rwho. It has many of the same security problems as the finger daemon. For a crack,er use of rwho could allow him to watch for times on your system when nobody is logged in and begin his attacks. It also allows him to find out user names of accounts on your system and target them as possible attack points.

Luckily most Linux distributions recognize this vulnerability and although they include rwhod, many have stopped installing it by default. To verify that it is not running on your system run the following command:

ps axlww | grep rwho

If any process other than grep itself shows up, you should disable it. On Red Hat and similar distributions, the command to remove rwhod from your system is:

rpm -e rwho

Published by Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple - and online webmaster resources center; and Media Explode - a full service marketing agency.

Leave a comment

Your email address will not be published. Required fields are marked *