On Ubuntu the update-notifier-common package provides a simplistic API to ask if there are security updates available.
I’ve written a little script to convert the output so that I can monitor multiple machines using Nagios:
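#!/bin/bash
# Munge output of apt_check.py suitably for Nagios
#
# @author David Schoen - http://lyte.id.au/
# apt_check.py outputs <total updates as int>;<security updates as int> to stderr
# we take this, redirect it to stdout and then read it in to local variables
IFS=';' read -r total security < <(/usr/lib/update-notifier/apt_check.py 2>&1)
#
# If apt_check.py failed or printed an error, the counts are not integers.
# Report UNKNOWN (exit 3) rather than letting an empty value compare equal to 0
# and show up as "OK".
if ! [[ $total =~ ^[0-9]+$ && $security =~ ^[0-9]+$ ]]; then
    echo "APT UNKNOWN - could not parse apt_check.py output"
    exit 3
fi
#
if [[ $security -eq 0 ]]; then
    echo "APT OK - $security security, $total total updates"
else
    # Exit code 1 is WARNING in the Nagios plugin convention
    echo "APT WARNING - $security security, $total total updates"
    exit 1
fi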
Place this somewhere Nagios (or NRPE) can execute it and call it like you would any other check command.