"Expanded Security Maintenance for Applications" shown every time I log on!

Keith keithw at caramail.com
Fri Mar 10 17:09:59 UTC 2023 

On 3/10/23 3:14 AM, Bo Berglund wrote:
> On Fri, 10 Mar 2023 02:20:32 -0500, Jeffrey Walton <noloader at gmail.com> wrote:
> 
>> On Fri, Mar 10, 2023 at 1:41?AM Bo Berglund <bo.berglund at gmail.com> wrote:
>>>
>> Try to locate the script or file that is responsible for the message,
>> and remove the execute bit. That's how to disable individual pieces of
>> those login messages.
>>
>> $ sudo find /etc -name '*motd*'
>> /etc/default/motd-news.wasremoved
>> /etc/update-motd.d
>> /etc/update-motd.d/50-motd-news
>> /etc/systemd/system/timers.target.wants/motd-news.timer
>>
>> # No execute, it does not contribute to the message
>> $ ls -Al /etc/default/motd-news.wasremoved
>> -rw-r--r-- 1 root root 0 Aug 25  2022 /etc/default/motd-news.wasremoved
>>
>> # Execute, it does contribute to the message
>> $ ls -Al /etc/update-motd.d/50-motd-news
>> -rwxr-xr-x 1 root root 5023 Aug 17  2020 /etc/update-motd.d/50-motd-news
>>
>> I don't receive the message, so I am not sure which file or script to disable.
> 
> Thanks,
> I have looked at the various scripts in /etc/update-motd.d and removed the
> executable switch on these:
> 
> sudo chmod -x 88-esm-announce
> sudo chmod -x 50-motd-news
> sudo chmod -x 91-contract-ua-esm-status
> 
> This reduced the welcome screen to this on my home server:
> 
> -----------------------------
> Welcome to Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-89-generic x86_64)
> 
>    System information as of Fri 10 Mar 2023 09:50:48 AM CET
> 
>    System load:    0.0                 Users logged in:       1
>    Usage of /home: 79.8% of 258.81GB   IPv4 address for eth0: 192.168.119.216
>    Memory usage:   10%                 IPv4 address for tun0: 10.8.139.1
>    Swap usage:     3%                  IPv4 address for tun1: 10.8.0.1
>    Processes:      270
> 
> 1 device has a firmware upgrade available.
> Run `fwupdmgr get-upgrades` for more information.
> 
> 
> Expanded Security Maintenance for Applications is not enabled.
> 
> 0 updates can be applied immediately.
> 
> 27 additional security updates can be applied with ESM Apps.
> Learn more about enabling ESM Apps service at https://ubuntu.com/esm
> 
> New release '22.04.2 LTS' available.
> Run 'do-release-upgrade' to upgrade to it.
> 
> 
> *** System restart required ***
> Last login: Fri Mar 10 09:44:59 2023 from 192.168.119.136
> --------------------------------
> 
> Now the delay is removed and some items gone but there is till a message about
> ESM...
> 
> "Expanded Security Maintenance for Applications is not enabled."
> 
> And embedded in this, which I think is some part of the apt update check:
> 
> "27 additional security updates can be applied with ESM Apps.
> Learn more about enabling ESM Apps service at https://ubuntu.com/es"
> 
> But if I remove the x switch:
> sudo chmod -x 90-updates-available
> 
> then there are no longer any reminders of the normal updates situation...
> I don't want to lose these.
> So I put it back on, hopefully there is something one can do with this script
> itself?

That could be difficult unless you're proficient at python scripting. 
Canonical has integrated the Ubuntu Pro (aka Ubuntu Advantage) ESM 
service update notifications into the update-notifier system which is 
responsible for generating that portion of the dynamic motd. 
Specifically, you'd need to edit /usr/lib/update-notifier/apt_check.py 
to remove the ESM parts of the script and maybe alter some other files. 
It's not particularly well documented outside of the scripts themselves, 
unfortunately.

Alternatively, you can disable the 90-update-available script and write 
your own script to provide that information.

Alternatively, you can sign up for the Ubuntu Pro services which 
Canonical has offered for free to users for up to five machines, virtual 
or physical. With the ESM service, you'll get security updates from 
Canonical for packages in the Universe repository which are ordinarily 
only supported and updated by community efforts, which, in a lot (maybe 
most) of cases is lacking.

According to the motd message you're getting, you've got 27 software 
packages installed on your server that have security updates available 
for them. Seems like a no-brainer to me, but TEHO.

-- 
Keith

More information about the ubuntu-users mailing list