If rwhod is not required on AIX, the rwhod daemon must be disabled.

An XCCDF Rule

Description

This is the remote WHO service. To prevent remote attacks this daemon should not be enabled unless there is no alternative.

ID: SV-215362r958478_rule
Version: AIX7-00-003056
Severity: Medium
References: CCI-000381
Updated: 24 days ago

Remediation Templates

In "/etc/rc.tcpip", comment out the "rwhod" entry by running command: 
# chrctcp -d rwhod