0

In Wireshark logs I found that my Lubuntu 18.04 calls Amazon servers. See this log:

17  192.168.1.1 192.168.1.13    DNS 118 Standard query response 0x0e33 A motd.ubuntu.com A 54.194.229.79 A 52.18.210.215 OPT
18  192.168.1.1 192.168.1.13    DNS 142 Standard query response 0xebef AAAA motd.ubuntu.com AAAA 2a05:d018:91c:3200:4a81:cf9a:267b:97df AAAA 2a05:d018:91c:3200:5869:6d03:bf3a:f619 OPT
19  192.168.1.13    54.194.229.79   TCP 74  50656  >  443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4010357077 TSecr=0 WS=128
20  54.194.229.79   192.168.1.13    TCP 74  443  >  50656 [SYN, ACK] Seq=0 Ack=1 Win=26847 Len=0 MSS=1380 SACK_PERM=1 TSval=2116889653 TSecr=4010357077 WS=128
21  192.168.1.13    54.194.229.79   TCP 66  50656  >  443 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=4010357137 TSecr=2116889653
22  192.168.1.13    54.194.229.79   TLSv1.2 284 Client Hello

It downloads some message of the day (MOTD). What is it, and how do I disable this "feature"?

1 Answer

7

If you have a look in /etc/update-motd.d/ you will see the configuration that is responsible for updating motd with information.

It's the 50-motd-news-file that is responsible for fetching news from motd.ubuntu.com (which is controlled by Ubuntu, but hosted in AWS, which is why whois shows Amazon).

Simply remove the 50-motd-news-file, and it will stop checking for news for motd.

You can also remove the update-motd package if you desire. sudo apt remove update-motd will disable all automatic motd updates, including update and reboot notifications.

In addition, you should change ENABLED=1 to ENABLED=0 in /etc/default/motd-news.

How I found this

I can add how I figured this out. I did a grep -r 'motd.ubuntu.com' /etc/ 2>/dev/null. This showed the two files mentioned above.

An apt-cache search update-motd confirmed that this was a package, and man update-motd explained how it works:

Executable scripts in /etc/update-motd.d/* are executed by pam_motd(8) as the root user at each login, and this information is concatenated in /run/motd.dynamic. The order of script execution is determined by the run-parts(8) --lsbsysinit option (basically alphabetical order, with a few caveats).

Thus, removing any individual scripts will not be harmful. You can even add your own if you want.

vidarlo
  • 23,497
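
An added example, not part of the original answer: a POSIX shell audit that reports the ENABLED setting in /etc/default/motd-news and lists the executable scripts in /etc/update-motd.d/ that appear to reach the network, so the change can be verified after it is made. The function names and the optional root-prefix argument are assumptions for illustration, and the URL/curl/wget match is a heuristic.

```shell
#!/bin/sh
# Added example: audit the MOTD configuration described in the answer above.
# The optional root prefix (hypothetical parameter) lets the same check run
# against a mounted image or a constructed test tree instead of the live /etc.

# Print the ENABLED value from <root>/etc/default/motd-news, or "unset".
motd_news_enabled() {
    conf="${1:-}/etc/default/motd-news"
    [ -r "$conf" ] || { echo "unset"; return 0; }
    # The last uncommented ENABLED= line wins, as when the file is sourced.
    val=$(sed -n 's/^[[:space:]]*ENABLED=//p' "$conf" | tail -n 1 | tr -d "\"' ")
    echo "${val:-unset}"
}

# List executable scripts in <root>/etc/update-motd.d that mention a URL or
# call curl/wget. Heuristic: a script may also fetch through a helper.
# Non-executable files are skipped because run-parts does not run them.
motd_network_scripts() {
    dir="${1:-}/etc/update-motd.d"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        { [ -f "$f" ] && [ -x "$f" ]; } || continue
        if grep -Eq 'https?://|(^|[^[:alnum:]_])(curl|wget)([^[:alnum:]_]|$)' "$f"; then
            basename "$f"
        fi
    done
}

# Summarize both checks, one finding per line.
motd_audit() {
    echo "motd-news ENABLED=$(motd_news_enabled "${1:-}")"
    motd_network_scripts "${1:-}" | while read -r name; do
        echo "network-capable script: $name"
    done
}

motd_audit "${1:-}"
```

Run it with no argument to check the live system, or pass the mount point of an image to check that tree instead.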