Ok, admittedly I'm on the old Management Gateway, but I'm hoping to get some help here.
This is my Gateway version info:
LANDesk Management Gateway release: 4.0-1.48
Web console version: 1.0-1.63
Gateway service version: 126.96.36.199
OS: LDLinux PE 4.0-1.48 10/04/07 06:23 - (scrappy)
2 days ago I started getting hourly cron.hourly run-parts messages that say
msec: User bin in shadow but not in passwd file
msec: group name bin not found
I have logged in to the command line via putty and have checked both the shadow and passwd file, neither one has a user bin in it. Also, the group file does have a group name bin. These are the files in the /etc directory.
I am suspecting my LDMG has been hacked/compromised although I don't see any other signs of problems. It doesn't have any rogue processes running and it is functioning as it always has.
I've checked disk usage, still have plenty of space on all the drives.
I don't have anything off the top of my head, but if you even suspect it was compromised i would take it out of service and get onto the latest appliance version so you have security updates being provided