On Ubuntu the update-notifier-common package provides a simplistic API to ask if there are security updates available.
I’ve written a little script to convert the output so that I can monitor multiple machines using Nagios:
# Munge output of apt_check.py suitably for Nagios
# @author David Schoen - http://lyte.id.au/
# apt_check.py outputs <total updates as int>;<security updates as int> to stderr
# we take this, redirect it to stdin and then read in to local variables
IFS=';' read -r total security < <(/usr/lib/update-notifier/apt_check.py 2>&1)
if [[ $security -eq 0 ]]; then
echo "APT OK - $security security, $total total updates"
echo "APT WARNING - $security security, $total total updates"
Place this somewhere Nagios (or NRPE) can execute it and call it like you would any other check command.