# Telnetd deleted after exit?



## aparticka (Jan 16, 2012)

I should start off by saying that I'm not that experienced using FreeBSD.

With that said, I manage a system that uses a server running FreeBSD 8.0 to accept incoming connections via telnet. There are machines that connect and log in to a user with a modified shell program that communicates back and forth with the machine until all of the data is transferred.

Today I was notified that the machines could no longer connect, so I went and looked in /var/log/messages to see what was going on. It was littered with `cannot execute /usr/libexec/telnetd: No such file or directory` messages. I thought that was strange so I scrolled up and saw a message that telnetd exited with signal 10.

My question is why would telnetd have been deleted?

Also, how do I get it back? Will running freebsd-update do the trick?

Again, forgive my ignorance and I appreciate any help anyone has to offer.


----------



## pbd (Jan 16, 2012)

aparticka said:

> My question is why would telnetd have been deleted?


That's not normal. It does not disappear all by itself. Did the machine crash? It could be some filesystem inconsistency; try running `# fsck -a` in single user mode. Or is the machine connected to the Internet - could someone break into it? Telnet is not secure.



			
aparticka said:


> Also, how do I get it back? Will running freebsd-update do the trick?



Yes, if you use freebsd-update to update to the current release (9.0), it will install telnetd back.

Again, consider running sshd instead of telnetd; files don't simply disappear. Check at least the output of `last` or see /var/log/auth.log if someone didn't crack into it.


----------



## gkontos (Jan 16, 2012)

Please forgive me if I sound too sarcastic but is this thing accepting connections over the Internet?

telnetd, besides being a very insecure protocol, has many vulnerabilities, like this recent one.

First, find out by yourself if telnetd is really missing.

`whereis telnetd`

```
telnetd: /usr/libexec/telnetd /usr/share/man/man8/telnetd.8.gz /usr/src/libexec/telnetd
```

`ls /usr/libexec/ | grep telnetd`

```
telnetd
```

If it is there then you can start troubleshooting why it is not responding, permissions error, etc.

If not, you can just reinstall an 8.0-RELEASE version of the file. You cannot use freebsd-update to patch telnetd because 8.0-RELEASE is not supported any more. But you can upgrade to a more recent version with the security updates.

In any case, alert your colleagues about this situation and start doing some investigation on what went wrong.
If you have to use telnetd for that application then convince whoever you have to that it might be a good idea to set up a VPN for this.


----------



## aparticka (Jan 17, 2012)

Alright, thanks for the help guys. Here's what I have so far.

`# fsck` produces the following, I'm not sure what it means.

```
** /dev/ad0s1a (NO WRITE)
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
3083 files, 99280 used, 154535 free (3167 frags, 18921 blocks, 1.2% fragmentation)
** /dev/ad0s1e (NO WRITE)
** Last Mounted on /tmp
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
9 files, 7 used, 253808 free (32 frags, 31722 blocks, 0.0% fragmentation)
** /dev/ad0s1f (NO WRITE)
** Last Mounted on /usr
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE I=1295388  OWNER=root MODE=100555
SIZE=86628 MTIME=Nov 21 08:54 2009 
CLEAR? no

** Phase 5 - Check Cyl groups
45101 files, 1927528 used, 112302270 free (12886 frags, 14036173 blocks, 0.0% fragmentation)
** /dev/ad0s1d (NO WRITE)
** Last Mounted on /var
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
UNREF FILE I=212066  OWNER=mysql MODE=100600
SIZE=0 MTIME=Nov 14 14:20 2011 
CLEAR? no

UNREF FILE I=212092  OWNER=mysql MODE=100600
SIZE=0 MTIME=Nov 14 14:20 2011 
CLEAR? no

UNREF FILE I=212093  OWNER=mysql MODE=100600
SIZE=0 MTIME=Nov 14 14:20 2011 
CLEAR? no

UNREF FILE I=212094  OWNER=mysql MODE=100600
SIZE=0 MTIME=Nov 14 14:20 2011 
CLEAR? no

UNREF FILE I=212095  OWNER=mysql MODE=100600
SIZE=0 MTIME=Nov 14 14:20 2011 
CLEAR? no

UNREF FILE  I=329762  OWNER=aparticka MODE=100660
SIZE=0 MTIME=Jan 16 21:30 2012 
RECONNECT? no


CLEAR? no

** Phase 5 - Check Cyl groups
55252 files, 762070 used, 747633 free (13993 frags, 91705 blocks, 0.9% fragmentation)
```

I've looked through the log files and it doesn't appear that anyone attempted to break in.

In response to gkontos:

`whereis telnetd`

```
telnetd: /usr/share/man/man8/telnetd.8.gz
```

`ls /usr/libexec/ | grep telnetd`
finds nothing.

I tried running `# freebsd-update -r 9.0-RELEASE upgrade`
and after running through all the prompts, /usr/sbin/telnetd and /usr/libexec/telnetd are not listed in the files to be updated.

As far as using telnetd, I was hired recently and have had to deal with a lot of poor choices by the last developer. I'm working to convert the system to start using sshd but the machines talk in a funny way.

Again, thanks for the help guys, I appreciate it.
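
The `UNREF FILE` entries in the fsck output above are inodes that no directory entry points to, typically files that were deleted while a process still held them open. As an added example (not part of the original post), this sh/awk helper, with the hypothetical names `unref_summary` and `sample_fsck`, lists them per filesystem and marks non-empty files that have an execute bit set; the sample input is excerpted from the output above.

```shell
#!/bin/sh
# Added example, not from the thread. Reads fsck output on stdin and prints
# one line per UNREF FILE entry: mountpoint inode owner mode size flag
unref_summary() {
    awk '
    /^\*\* Last Mounted on / { mnt = $5 }
    /^UNREF FILE/ {
        inode = owner = mode = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^I=/)     inode = substr($i, 3)
            if ($i ~ /^OWNER=/) owner = substr($i, 7)
            if ($i ~ /^MODE=/)  mode  = substr($i, 6)
        }
        pending = 1
        next
    }
    pending && /^SIZE=/ {
        size = substr($1, 6) + 0
        # Last three octal digits are the permission bits; an odd digit is an execute bit.
        perm = substr(mode, length(mode) - 2)
        flag = ((perm ~ /[1357]/) && (size > 0)) ? "EXEC" : "-"
        print mnt, inode, owner, mode, size, flag
        pending = 0
    }'
}

# Sample input: lines excerpted from the fsck output posted above.
sample_fsck() {
    cat <<'EOF'
** /dev/ad0s1f (NO WRITE)
** Last Mounted on /usr
** Phase 4 - Check Reference Counts
UNREF FILE I=1295388  OWNER=root MODE=100555
SIZE=86628 MTIME=Nov 21 08:54 2009 
CLEAR? no
** /dev/ad0s1d (NO WRITE)
** Last Mounted on /var
UNREF FILE I=212066  OWNER=mysql MODE=100600
SIZE=0 MTIME=Nov 14 14:20 2011 
CLEAR? no
UNREF FILE  I=329762  OWNER=aparticka MODE=100660
SIZE=0 MTIME=Jan 16 21:30 2012 
RECONNECT? no
EOF
}

sample_fsck | unref_summary
```

Run it against real output with `fsck -n | unref_summary`; an `EXEC` entry owned by root is worth noting (inode, size, mtime) before a later fsck run clears it.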


----------



## gkontos (Jan 17, 2012)

You should consider updating to 8.1-RELEASE or 8.2-RELEASE. Don't perform a major version upgrade to a system that you don't know on an OS that you are not very experienced with. 

First *BACKUP* everything that is important!!! 

Boot into single user mode and perform:

`# fsck -p`

That should give you better diagnostics on what is going on. Depending on the results, you can run `fsck` with other options as well.


----------



## SirDice (Jan 17, 2012)

It's possible somebody hacked their way into your server using this vulnerability. This would give an attacker full root access. The attacker could then have deleted /usr/libexec/telnetd.

All this would leave NO traces in the log files.


----------



## aparticka (Jan 17, 2012)

Thanks, I tried upgrading to 8.1-RELEASE as well and /usr/libexec/telnetd was not listed in the files to be installed.

`# fdsk -p`

I ran that in single mode and it said everything was good to go.



			

> If not you can just reinstall a 8.0-RELEASE version of the file.



How would I go about doing this?


----------



## aparticka (Jan 17, 2012)

Whoops, my mistake. I ran
`# fsck -p`


----------



## gkontos (Jan 17, 2012)

aparticka said:

> Thanks, I tried upgrading to 8.1-RELEASE as well and /usr/libexec/telnetd was not listed in the files to be installed.
> 
> `# fdsk -p`
> 
> ...



Grab a copy from: ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/8.1/FreeBSD-8.1-RELEASE-amd64-disc1.iso, burn it, and just reinstall that file.


----------



## aparticka (Jan 17, 2012)

I ended up installing 8.2-RELEASE on a different computer and just copying /usr/libexec/telnetd to the server.

Thanks for all the help!


----------

