How to Disable motd-news. (Ubuntu)

yannick Coffi -



MOTD is the abbreviation of "Message Of The Day", and it is used to display messages when a remote user logs in to the Linux Operating system using SSH.

According to /etc/update-motd.d/50-motd-news file the system sends a request to your Ubuntu server containing information about the release version, kernel version, CPU architecture, cloud ID, and some annoying Canonical ads.

The typical message looks like this:

$ autossh -M 0 Xxxx1x23@192.168.1.156 -p xxxxx

Xxxx1x23@192.168.1.156's password: 
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-84-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Wed Sep 20 11:39:25 PM UTC 2023

  System load:  0.1689453125      Processes:               141
  Usage of /:   9.4% of 9.77GB   Users logged in:         0
  Memory usage: 30%               IPv4 address for enp0s3: 192.168.1.156
  Swap usage:   0%

 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
   just raised the bar for easy, resilient and secure K8s cluster deployment.

   https://ubuntu.com/engage/secure-kubernetes-at-the-edge

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

12 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esm



The idea is to show the user some useful information on login.
It looks reasonable, but I don’t like/trust when my system sends some data about my configuration to an external server from time to time even if it’s a server of Canonical. As we can see from above; info can be quite sensitive plus the "user agent" string used to contact the motd-news server sends a small amount of potentially sensitive information; as such (load, processes, update, reboot required, zombie).
Again; it is not clear whether that information is tracked by Canonical but the question of privacy is still present.

Remember there is such a thing as a "minor privacy breach".

The CPU info could be used to alert for the next Spectre or Meltdown.
The kernel version can be used to show critical messages (that no one would read) in case there are kernel exploits.
But why would Ubuntu be interested in my uptime or the name of the cloud provider? – (which, by the way, can already be determined because the HTTP call would show my source IP and that’s easily mapped back to a cloud provider, only a small portion of users would HTTP proxy all their outgoing traffic).

Now, what if we don’t want all of that?


Disabling motd-news


We need to modify its default configuration.
Let's jump to that file.

$ nano /etc/default/motd-news

OUTPUT

# Enable/disable the dynamic MOTD news service
# This is a useful way to provide dynamic, informative
# information pertinent to the users and administrators
# of the local system
ENABLED=1

# Configure the source of dynamic MOTD news
# White space separated list of 0 to many news services
# For security reasons, these must be https
# and have a valid certificate
# Canonical runs a service at motd.ubuntu.com, and you
# can easily run one too
URLS="https://motd.ubuntu.com"

# Specify the time in seconds, you're willing to wait for
# dynamic MOTD news
# Note that news messages are fetched in the background by
# a systemd timer, so this should never block boot or login
WAIT=5


Change ENABLED=1 to ENABLED=0.
We will as well comment # URLS and WAIT parameters.


Disabling parts of the dynamic motd


The actual MOTD message is divided into several pieces of script, each of which contains a separate piece of information. For instance, details on package upgrades, a file-system check, etc.
The MOTD scripts are located in /etc/update-motd.d, and by disabling the executable permissions of any specific script, the scripts will not be triggered and no longer appear on the MOTD.

let's ls -l /etc/update-motd.d

$ ls -l /etc/update-motd.d

OUTPUT

total 52
-rwxr-xr-x 1 root root 1220 Oct 15  2021 00-header
-rwxr-xr-x 1 root root 1157 Oct 15  2021 10-help-text
lrwxrwxrwx 1 root root   46 Feb 17  2023 50-landscape-sysinfo -> /usr/share/landscape/landscape-sysinfo.wrapper
-rwxr-xr-x 1 root root 5023 Oct 15  2021 50-motd-news
-rwxr-xr-x 1 root root   84 Sep 20  2022 85-fwupd
-rwxr-xr-x 1 root root  218 Jan 20  2023 90-updates-available
-rwxr-xr-x 1 root root  296 Apr  5 15:14 91-contract-ua-esm-status
-rwxr-xr-x 1 root root  558 Feb 10  2023 91-release-upgrade
-rwxr-xr-x 1 root root  165 Feb 19  2021 92-unattended-upgrades
-rwxr-xr-x 1 root root  379 Jan 20  2023 95-hwe-eol
-rwxr-xr-x 1 root root  111 Aug 17  2020 97-overlayroot
-rwxr-xr-x 1 root root  142 Jan 20  2023 98-fsck-at-reboot
-rwxr-xr-x 1 root root  144 Jan 20  2023 98-reboot-required


If we don't want to see any specific messages we just need to stop it from running. Basically, locate any script you wish to disable and remove the executable permissions using the chmod command.

For instance;
the following command will disable the updates available message.

$ sudo chmod -x /etc/update-motd.d/90-updates-available

or

$ sudo chmod 755 /etc/update-motd.d/90-updates-available

etc...

If we want to re-enable its executable permission use one of the following commands.

$ sudo chmod +x /etc/update-motd.d/90-updates-available

or

$ sudo chmod 766 /etc/update-motd.d/90-updates-available

Disabling dynamic motd entirely


As we can see there are some dynamic motd systemd services running; 

$ systemctl list-unit-files | grep motd

OUTPUT

motd-news.service                          static          -
update-notifier-motd.service               static          -
motd-news.timer                            enabled         enabled
update-notifier-motd.timer                 enabled         enabled


We need to disable those two motd-news.service and motd-news.timer.

$ sudo systemctl stop motd-news.service 

OUTPUT

Warning: Stopping motd-news.service, but it can still be activated by:
  motd-news.timer
  
$ sudo systemctl stop motd-news.timer


here is a warning...
We need to stop motd-news.timer systemd units as well.

$ sudo systemctl stop motd-news.timer


Now we need to disable both motd-news.service and motd-news.timer to prevent them from starting after a reboot.

$ sudo systemctl disable motd-news.service && sudo systemctl disable motd-news.timer                                                                                      
OUTPUT

Removed "/etc/systemd/system/timers.target.wants/motd-news.timer".


Make sure that they are actually disabled by checking their status.

$ sudo systemctl status motd-news.service || sudo systemctl status motd-news.timer
[sudo] password for jupiter: 


○ motd-news.service - Message of the Day
     Loaded: loaded (/lib/systemd/system/motd-news.service; static)
     Active: inactive (dead)
       Docs: man:update-motd(8)

...
..
.

○ motd-news.timer - Message of the Day
     Loaded: loaded (/lib/systemd/system/motd-news.timer; disabled; preset: enabled)
     Active: inactive (dead)
    Trigger: n/a
   Triggers: ● motd-news.service


Sep 21 01:08:29 virtualgegeno systemd[1]: Started motd-news.timer - Message of the Day.
Sep 21 01:10:54 virtualgegeno systemd[1]: motd-news.timer: Deactivated successfully.
Sep 21 01:10:54 virtualgegeno systemd[1]: Stopped motd-news.timer - Message of the Day.
Sep 21 01:10:54 virtualgegeno systemd[1]: Stopping motd-news.timer - Message of the Day...
Sep 21 01:10:54 virtualgegeno systemd[1]: Started motd-news.timer - Message of the Day.
Sep 21 01:14:42 virtualgegeno systemd[1]: motd-news.timer: Deactivated successfully.
Sep 21 01:14:42 virtualgegeno systemd[1]: Stopped motd-news.timer - Message of the Day.



You are all set.
We hope this guide was a good help.