I am attempting to create a MOTD using Bash that gives me some specific information about this machine. I’ve figured out how to get a lot of what I want, but is there a way to get available upgrades, bad login attempts, and SSL Cert durations?
I’m able to find all of this info using SUDO but I’d like to have it report without input from me.
My Linux-fu is pretty weak, so I may not be describing my problem very well.
In general, if you can print it on stdout using a command, you can get it in your MOTD (Message Of The Day). But MOTD is a bit more confusing than it needs to be - IMHO. I'll explain...
All of the MOTD "stuff" in RPi comes from Debian because Debian is RPi's upstream distro. That means the documentation is easiest to find on Debian's website. The most current information is on Debian's MOTD wiki page. In the very first sentence, the wiki explains the source for much of the confusion:
The actual motd is generated and printed by pam_motd, see its manpage.
The link is to the pam_motd manpage. In Raspberry Pi, pam_motd is invoked in the file /etc/pam.d/login. There are two lines that are relevant:
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
Oddly - but I suppose iaw PAM's arcane habits - the first line contains the output of the scripts in /etc/update-motd.d. The second line "slams the door" on other sources of pam-sponsored data for the MOTD. If you have read the documentation references linked above, and you have seen some discrepancies, then you are to be congratulated - you were paying attention.
Here's what you need to know about creating a customized MOTD today:
Any text you save in /etc/motd will be displayed on your login screen.
To generate a "customized" MOTD, create (or modify) scripts in the folder /etc/update-motd.d. This is best illustrated by example:
Let's see what's there:
$ ls -l /etc/update-motd.d
total 4
-rwxr-xr-x 1 root root 23 Oct 9 2021 10-uname
What's in the executable file '10-uname'?
$ cat /etc/update-motd.d/10-uname
#!/bin/sh
uname -snrvm
You can run uname -svrvm from the command line, and verify that is what you see on your login.
Now, to customize your MOTD, add another script beginning with a 2-digit number followed by a - and a descriptive name; e.g. 20-who. It will run with root privileges, so no sudo required, but don't put anything dumb or dangerous in it! Here's how to create the MOTD addition:
$ cd /etc/update-motd.d
$ sudo nano 20-who
add 2 lines to '20-who' in your editor:
'#!/bin/sh'
'who'
$ sudo chmod 755 20-who
$
While still logged in as above, open another terminal, and login again. Note that the MOTD will now include the output of the who command - which will be an empty string if yours is the first/only login.
Customising your MOTD is not difficult - except for the confusing documentation. Be aware that scripts requiring some time to execute will postpone your "arrival" at the shell prompt (e.g. available upgrades - unless you port the commands used in Ubuntu's 90-updates-availablescript.)
And if you see additional data adjacent to your MOTD, and wonder about the source of that, know that there are several possible sources. For example, sshd by default prints a Last login line. This is controlled in the file /etc/ssh/sshd_config in this line: #PrintLastLog yes. Turn it off if you wish by changing the line to PrintLastLog no.
I can get this info using 'sudo certbot certificates' but how can I get it without user input (ie password)?The scripts mentioned in my answer below at/etc/update-motd.dall run withrootprivileges - so put your commandcertbot certificates(nosudorequired!) in a script, and it will work. – Seamus May 13 '22 at 16:55