Usage of rwho, rwhod and rwhod++
This page describes usage, deployment and advantages of the rwho/rwhod system.First: This page assumes that you are familiar with standard UNIX/Linux installations and of course also UNIX commands. The usage of rwho/rwhod is only useful if you administer a lot of computers. So using this is more or less senseless on a standalone workstation.
What is this for?With rwhod its possible to do some simple form of remote monitoring of computers. Think of having a lot workstations, potential physically located in different rooms. This system allows you to lookup: uptime, load and logged in users. For retrieving informations exists the standard UNIX commands:
The traditional system with rwhod:Every computer runs a rwhod and uses broadcasts (on the configured subnet) to spread informations about itself. So other computers with rwhod-daemon may listen to this information-packets and can maintain a list of 'active' computers.
So the rwhod-daemon is both a producer and a consumer of information. The list of 'active' computers is traditionally maintained in /var/spool/rwho or /var/rwho.
This system works well in small-sized networks. Unfortunately this configuration implies some not-so-well features:
The system with rwhod++:Basically the rwhod++-daemon is a direct replacement for the rwhod-daemon. Difference is that it now queries each host on the network instead of using broadcasts. So the produced files are still in the same format accessable by rwho and ruptime. (For implementation details please see the README file in the tgz-archive.)
The usual scenario is to setup only one daemon and distribute the gathered information with a standard network filesystem (e.g. NFS). The rwhod++-daemon gathers informations by querying two specialized daemons on each computer in the network.
So on every host the rusersd and the rstatd service must be available. Normally these daemons are distributed with the operating system, so under Linux you only have to install the package(s). (They are often called rusersd and rstatd, sometimes rpc.rusersd resp. rpc.rstatd.)
You can test your setup with the command rpcinfo -p <hostname>. There should be some output about these two services.
NOTE: Since these services are SunRPC based it's necessary to allow that the portmapper is running and accessable. When this rpcinfo command does not produce any output or just prints an error message than the portmapper is potentially unreachable.
Although this daemon does not broadcast to reach other computers it
needs some other source of information about hosts. There are
two options: NIS-netgroup or a plain file. The NIS (a.k.a YP)
netgroup has the advantage of being centrally managed but can
also be more complicated. So a plain (ascii) file with every host
in the network (line by line) is also sufficient.
So this rwhod++ system has some advantages over the
traditional system. The subnet-, network traffic problem
and mostly the data protection and security problems
OtherThis rwhod++ is only one possible replacement for the traditional rwhod system. There are a lot of other systems on market that fits the purpose of monitoring and even more. This ranges from security scanners like nessus, some gnome or kde developments or big solutions like IBM Tivoli.