diff --git a/bundles/apt/files/check_apt_upgradable b/bundles/apt/files/check_apt_upgradable
new file mode 100644
index 0000000..3609065
--- /dev/null
+++ b/bundles/apt/files/check_apt_upgradable
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+apt update -qq --silent 2> /dev/null
+
+UPGRADABLE=$(apt list --upgradable -qq 2> /dev/null | cut -d '/' -f 1)
+
+if test "$UPGRADABLE" != ""
+then
+  echo "$(wc -l <<< $UPGRADABLE) package(s) upgradable:"
+  echo
+  echo "$UPGRADABLE"
+  exit 1
+else
+  exit 0
+fi
diff --git a/bundles/apt/items.py b/bundles/apt/items.py
index 0d1b4a3..d81a39b 100644
--- a/bundles/apt/items.py
+++ b/bundles/apt/items.py
@@ -28,6 +28,9 @@ files = {
     '/etc/apt/sources.list': {
         'content': '# managed'
     },
+    '/usr/lib/nagios/plugins/check_apt_upgradable': {
+        'mode': '0755',
+    },
 }
 
 actions = {
@@ -72,7 +75,7 @@ for host, sources in hosts.items():
             'action:apt_update',
         },
     }
-    
+
     files[destination_path] = {
         'source': join(repo.path, 'data', 'apt', 'keys', keyfile),
         'content_type': 'binary',
@@ -83,7 +86,7 @@ for host, sources in hosts.items():
 
 # create backport pinnings
 
-for package, options in node.metadata.get('apt/packages', {}).items():    
+for package, options in node.metadata.get('apt/packages', {}).items():
     pkg_apt[package] = options
 
     if pkg_apt[package].pop('backports', False):
diff --git a/bundles/apt/metadata.py b/bundles/apt/metadata.py
index da4fb50..23d300c 100644
--- a/bundles/apt/metadata.py
+++ b/bundles/apt/metadata.py
@@ -3,4 +3,13 @@ defaults = {
         'packages': {},
         'sources': set(),
     },
+    'monitoring': {
+        'services': {
+            'apt upgradable': {
+                'vars.command': '/usr/lib/nagios/plugins/check_apt_upgradable',
+                'vars.sudo': True,
+                'check_interval': '1d',
+            },
+        },
+    },
 }