Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Display remote uptime info UNIX
If you have multiple mac os x machines on a LAN, you can run rwhod found at /usr/sbin/rwhod; you will have to launch it with "sudo rwhod". If you run this on all machines on your LAN you can type ruptime and get the uptime of those machines:
[:/var/rwho] bryan% ruptime
www100 up 3+01:53, 1 user, load 1.12, 1.03, 1.01
www200 up 8+04:30, 1 user, load 1.99, 1.99, 1.99
[Editor's note: I could not get this to work on my machines; ruptime returns a "no hosts in /var/rwho" error message. Also, in trying to investigate why I was getting this message, I read a couple of articles that indicate that rwhod can flood a network with informational messages. These articles recommended disabling rwhod to improve network performance. Any thoughts on why I couldn't make this work, and/or on rwhod in general?]
  • Currently 2.33 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (3 votes cast)

Display remote uptime info | 6 comments | Create New Account
Click here to return to the 'Display remote uptime info' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Authored by: bkitchman on Feb 15, '02 01:12:17PM

Did you have rwhod running on all the local machines?
The only thing you need is to have rwhod running on all machines, this way it will create the whod.machinename file in the /var/rwho directory. It may take a few minutes before you get your first results. I have read in different places, that rwhod sends out a package of data every 30 seconds, then I saw elsewhere that it was every 11 minutes. You can also configure rwhod to track the uptime of a machine of a WAN. That is my next test. I am also trying to get uptime on my windows machine using RWhodwin from It seems that I either have the port wrong or it just doesn't talk to the os x machine for some reason.

[ Reply to This | # ]
rwho and cousins are a security risk
Authored by: rselph on Feb 15, '02 02:16:16PM

rwho and ruptime can be pretty convenient, but they belong to a class of services that were invented way back when the network was trusted. These days they are considered security risks, so DON'T run the rwhod on any machine that is exposed to traffic from the internet. I don't even run these services within firewalls.

[ Reply to This | # ]
rwho and cousins are a security risk
Authored by: bkitchman on Feb 15, '02 07:17:56PM

Being an immature sys admin, I like to try new services on my machines. If at a point I find it caused a security issue, I try to resolve it. I had spoken to another person who had thought that rwhod might be a security risk as well. However, when searching for known issues for this old service, I did find one security hole that was patched almost 4 years ago. If you know of any other security issues that this may cause, please share with me (us).

[ Reply to This | # ]
rwho and cousins are a security risk
Authored by: rselph on Feb 16, '02 02:35:04PM

No, I don't have a specific vulnerability in mind. And certainly, if you are in learning mode you should experiment all you want.

I just go by the philosophy that any network service should be turned off unless you have a good use for it. Less is more secure. :-)

Certainly rsh and rcp are regularly turned off by sysadmins since they pose a risk of insecure configuration, even without any bugs. Because of this, there's a general rule "disable the r-services." I may be unfairly lumping rwhod in with these others.


[ Reply to This | # ]
rwho and cousins are a security risk
Authored by: nullchar on Feb 16, '02 03:29:44PM

One must remember though just because the daemon itself doesn't have a vulnerability ( or at least one known ) doesn't mean that its generally safe to run the service. You also have to understand what information is being leaked because of the service. For example rwhod one can get uptime information but as well login information. So I can get usernames on your machine of active people.

Imagine you have ssh running on your machine well now since I have a username I have half the battle won I just need to crack your password ( if you haven't disabled password auth in ssh naturally. Easier said then done sometimes I know but how many times do you check your OS X machine for failed ssh attempts?). Think if you activate the root account on your OS X machine. Since OS X ships SSH with password authentication on and root logins possible there's another possibility.

Another example is uptime can leak information indirectly. For example if I find out the machine is running linux and has an uptime of 2+ years. Well I know then you are probably running a 2.0 kernel and cross reference vulnerabilities on that kernel arcitecture. Yes I know nmap give me this info anyways ;)

So to recap if you want to be security aware and run "safe" machines. Looking up possible vulnerabilities is only half the solution. Understanding what the services give away is truely important ;)

[ Reply to This | # ]
Display remote uptime info
Authored by: ecammit on Dec 27, '04 01:04:16PM

You have to open your firewall for UDP port 513 with a destination of the broadcast address.

It is easiest in OS X to just go into the sharing control panel and configure the firewall there to open 513 to all access.

[ Reply to This | # ]