How to Disable motd-news. (Ubuntu)
MOTD is the abbreviation of "Message Of The Day", and it is used to display messages when a remote user logs in to the Linux Operating system using SSH.
According to /etc/update-motd.d/50-motd-news file the system sends a request to your Ubuntu server containing information about the release version, kernel version, CPU architecture, cloud ID, and some annoying Canonical ads.
The typical message looks like this:
$ autossh -M 0 Xxxx1x23@192.168.1.156 -p xxxxx
Xxxx1x23@192.168.1.156's password:
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-84-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed Sep 20 11:39:25 PM UTC 2023
System load: 0.1689453125 Processes: 141
Usage of /: 9.4% of 9.77GB Users logged in: 0
Memory usage: 30% IPv4 address for enp0s3: 192.168.1.156
Swap usage: 0%
* Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
https://ubuntu.com/engage/secure-kubernetes-at-the-edge
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
12 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm
The idea is to show the user some useful information on login.
It looks reasonable, but I don’t like/trust when my system sends some data about my configuration to an external server from time to time even if it’s a server of Canonical. As we can see from above; info can be quite sensitive plus the "user agent" string used to contact the motd-news server sends a small amount of potentially sensitive information; as such (load, processes, update, reboot required, zombie).
Again; it is not clear whether that information is tracked by Canonical but the question of privacy is still present.
Remember there is such a thing as a "minor privacy breach".
The CPU info could be used to alert for the next Spectre or Meltdown.
The kernel version can be used to show critical messages (that no one would read) in case there are kernel exploits.
But why would Ubuntu be interested in my uptime or the name of the cloud provider? – (which, by the way, can already be determined because the HTTP call would show my source IP and that’s easily mapped back to a cloud provider, only a small portion of users would HTTP proxy all their outgoing traffic).
Now, what if we don’t want all of that?
Disabling motd-news
We need to modify its default configuration.
Let's jump to that file.
$ nano /etc/default/motd-news
OUTPUT
# Enable/disable the dynamic MOTD news service
# This is a useful way to provide dynamic, informative
# information pertinent to the users and administrators
# of the local system
ENABLED=1
# Configure the source of dynamic MOTD news
# White space separated list of 0 to many news services
# For security reasons, these must be https
# and have a valid certificate
# Canonical runs a service at motd.ubuntu.com, and you
# can easily run one too
URLS="https://motd.ubuntu.com"
# Specify the time in seconds, you're willing to wait for
# dynamic MOTD news
# Note that news messages are fetched in the background by
# a systemd timer, so this should never block boot or login
WAIT=5
Change ENABLED=1 to ENABLED=0.
We will as well comment # URLS and WAIT parameters.
Disabling parts of the dynamic motd
The actual MOTD message is divided into several pieces of script, each of which contains a separate piece of information. For instance, details on package upgrades, a file-system check, etc.
The MOTD scripts are located in /etc/update-motd.d, and by disabling the executable permissions of any specific script, the scripts will not be triggered and no longer appear on the MOTD.
let's ls -l /etc/update-motd.d
$ ls -l /etc/update-motd.d
OUTPUT
total 52
-rwxr-xr-x 1 root root 1220 Oct 15 2021 00-header
-rwxr-xr-x 1 root root 1157 Oct 15 2021 10-help-text
lrwxrwxrwx 1 root root 46 Feb 17 2023 50-landscape-sysinfo -> /usr/share/landscape/landscape-sysinfo.wrapper
-rwxr-xr-x 1 root root 5023 Oct 15 2021 50-motd-news
-rwxr-xr-x 1 root root 84 Sep 20 2022 85-fwupd
-rwxr-xr-x 1 root root 218 Jan 20 2023 90-updates-available
-rwxr-xr-x 1 root root 296 Apr 5 15:14 91-contract-ua-esm-status
-rwxr-xr-x 1 root root 558 Feb 10 2023 91-release-upgrade
-rwxr-xr-x 1 root root 165 Feb 19 2021 92-unattended-upgrades
-rwxr-xr-x 1 root root 379 Jan 20 2023 95-hwe-eol
-rwxr-xr-x 1 root root 111 Aug 17 2020 97-overlayroot
-rwxr-xr-x 1 root root 142 Jan 20 2023 98-fsck-at-reboot
-rwxr-xr-x 1 root root 144 Jan 20 2023 98-reboot-required
If we don't want to see any specific messages we just need to stop it from running. Basically, locate any script you wish to disable and remove the executable permissions using the chmod command.
For instance;
the following command will disable the updates available message.
$ sudo chmod -x /etc/update-motd.d/90-updates-available
or
$ sudo chmod 755 /etc/update-motd.d/90-updates-available
etc...
If we want to re-enable its executable permission use one of the following commands.
$ sudo chmod +x /etc/update-motd.d/90-updates-available
or
$ sudo chmod 766 /etc/update-motd.d/90-updates-available
Disabling dynamic motd entirely
As we can see there are some dynamic motd systemd services running;
$ systemctl list-unit-files | grep motd
OUTPUT
motd-news.service static -
update-notifier-motd.service static -
motd-news.timer enabled enabled
update-notifier-motd.timer enabled enabled
We need to disable those two motd-news.service and motd-news.timer.
$ sudo systemctl stop motd-news.service
OUTPUT
Warning: Stopping motd-news.service, but it can still be activated by:
motd-news.timer
$ sudo systemctl stop motd-news.timer
here is a warning...
We need to stop motd-news.timer systemd units as well.
$ sudo systemctl stop motd-news.timer
Now we need to disable both motd-news.service and motd-news.timer to prevent them from starting after a reboot.
$ sudo systemctl disable motd-news.service && sudo systemctl disable motd-news.timer
OUTPUT
Removed "/etc/systemd/system/timers.target.wants/motd-news.timer".
Make sure that they are actually disabled by checking their status.
$ sudo systemctl status motd-news.service || sudo systemctl status motd-news.timer
[sudo] password for jupiter:
○ motd-news.service - Message of the Day
Loaded: loaded (/lib/systemd/system/motd-news.service; static)
Active: inactive (dead)
Docs: man:update-motd(8)
...
..
.
○ motd-news.timer - Message of the Day
Loaded: loaded (/lib/systemd/system/motd-news.timer; disabled; preset: enabled)
Active: inactive (dead)
Trigger: n/a
Triggers: ● motd-news.service
Sep 21 01:08:29 virtualgegeno systemd[1]: Started motd-news.timer - Message of the Day.
Sep 21 01:10:54 virtualgegeno systemd[1]: motd-news.timer: Deactivated successfully.
Sep 21 01:10:54 virtualgegeno systemd[1]: Stopped motd-news.timer - Message of the Day.
Sep 21 01:10:54 virtualgegeno systemd[1]: Stopping motd-news.timer - Message of the Day...
Sep 21 01:10:54 virtualgegeno systemd[1]: Started motd-news.timer - Message of the Day.
Sep 21 01:14:42 virtualgegeno systemd[1]: motd-news.timer: Deactivated successfully.
Sep 21 01:14:42 virtualgegeno systemd[1]: Stopped motd-news.timer - Message of the Day.
You are all set.
We hope this guide was a good help.