ubuntu-security-status

Display the number of unsupported packages

$ ubuntu-security-status

$ ubuntu-security-status --unavailable

$ ubuntu-security-status --thirdparty

ubuntu-security-status [OPTION]...

-h, --help
    Displays the help message for the command and exits.

-v, --verbose
    Enables verbose output, providing more detailed information about the security status.

-s, --status
    Shows a concise summary of the system's overall security status.

--esm-apps
    Displays specific details related to the Extended Security Maintenance (ESM) for applications.

--esm-infra
    Displays specific details related to the Extended Security Maintenance (ESM) for infrastructure.

--pro
    Shows comprehensive details about the Ubuntu Pro subscription status and its activated services.

--livepatch
    Provides information about the Canonical Livepatch service, including its status and applied patches.

--notifications
    Displays security-related notifications, such as pending updates or required reboots.

The `ubuntu-security-status` command provides a comprehensive overview of the security posture of an Ubuntu system. It is designed to inform users about the state of their system's security updates, particularly concerning Canonical's Extended Security Maintenance (ESM) for both infrastructure (ESM Infra) and applications (ESM Apps). The command details the activation status of Ubuntu Pro, which includes ESM services, and indicates whether kernel Livepatching is enabled and active. Furthermore, it highlights pending security updates, outstanding reboots, and other critical security-related notifications. By consolidating this information, `ubuntu-security-status` helps users and administrators quickly assess if their system is receiving vital security patches and adheres to recommended security practices, ensuring a more secure and up-to-date operating environment.

This command is exclusive to Ubuntu operating systems and relies on the `ubuntu-advantage-tools` package being installed. The accuracy of the reported security status depends on the system's ability to connect to Canonical's update servers and the current state of its `apt` package information. While the command itself can be run by a standard user, some underlying update actions suggested by its output (e.g., `apt update` or `apt upgrade`) require root privileges.

ESM (Extended Security Maintenance) provides security updates for high and critical CVEs for Ubuntu LTS releases beyond their standard five-year support period. Ubuntu Pro is a subscription that includes ESM (for both Infra and Apps), kernel Livepatch, FIPS, and other compliance and security tools. The `ubuntu-security-status` command is instrumental in verifying the active status of these services on your system.

Running `ubuntu-security-status` without any options provides a summary of all relevant security information.
To check only the Ubuntu Pro subscription status, use `ubuntu-security-status --pro`.
To see only pending security notifications, use `ubuntu-security-status --notifications`.

The `ubuntu-security-status` command emerged as part of Canonical's efforts to enhance system security management and promote Extended Security Maintenance (ESM) for Ubuntu users. It is closely tied to the `ubuntu-advantage-tools` package (now often referred to as `ua-client` or `pro`), which provides access to Ubuntu Pro services, including ESM. Its development reflects Ubuntu's commitment to providing clear visibility into a system's security posture, especially for users utilizing paid or complimentary ESM services for older LTS releases. The command acts as a convenient aggregator, simplifying the process of checking security-critical information that previously might have required inspecting multiple sources or running several distinct commands.

apt(8), ua(1), pro(1), livepatch(8), unattended-upgrades(8)