For a cyber security competition I participate in, I'm given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.
Most of the code that I found for this question used a search from the history log:
$ cat /var/log/apt/history.log | grep 'apt-get install '
or listed all Debian Packages installed on the machine:
$ dpkg --get-selections
I found the above answers to be inadequate as my history log was incomplete and I didn't want to do the work to separate built-in packages from manually installed packages. However, this solution did the trick of showing only manually installed packages. This one uses the log /var/log/dpkg.log, and it should be executed as a bash script.
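#!/usr/bin/env bash
# List packages that have an "install" record in dpkg.log and are also
# marked as manually installed by apt.
parse_dpkg_log() {
    {
        # Include rotated logs; compressed ones need zcat.
        for FN in /var/log/dpkg.log*; do
            CMD="cat"
            [ "${FN##*.}" = "gz" ] && CMD="zcat"
            # Field 4 is package[:arch]; strip the architecture suffix.
            "$CMD" "$FN" | grep -E "[0-9] install" | awk '{print $4}' \
                | awk -F":" '{print $1}'
        done
    } | sort | uniq
}
list_installed=$(parse_dpkg_log)
list_manual=$(apt-mark showmanual | sort)
# comm -12 prints only the lines common to both sorted lists.
comm -12 <(echo "$list_installed") <(echo "$list_manual")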
I found the code here: https://gist.github.com/UniIsland/8878469
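For triage it helps to see when each manually installed package arrived, not just its name. The following is an added example, not part of the gist or the original post: the function name `installs_with_time` and the sample log lines are constructed for illustration, and the function expects dpkg.log lines on stdin plus a file holding the output of `apt-mark showmanual`.

```shell
#!/usr/bin/env bash
# Added example: print "DATE TIME PACKAGE VERSION" for every dpkg.log
# install record whose package is in the manual list.
#   stdin: dpkg.log-format lines
#   $1   : file with one manually installed package name per line
installs_with_time() {
    awk -v manual="$1" '
        BEGIN { while ((getline p < manual) > 0) want[p] = 1 }
        # Install record: DATE TIME install PKG[:ARCH] OLDVER NEWVER
        $3 == "install" {
            split($4, a, ":")          # drop the :arch suffix
            if (a[1] in want) print $1, $2, a[1], $6
        }' | sort
}

# Constructed sample input (not taken from a real machine).
sample_log() {
cat <<'EOF'
2024-03-01 09:15:02 startup archives unpack
2024-03-01 09:15:03 install libfoo1:amd64 <none> 1.2-3
2024-03-01 09:15:03 status half-installed libfoo1:amd64 1.2-3
2024-03-01 09:15:04 install nmap:amd64 <none> 7.93+dfsg1-1
2024-03-01 09:15:05 status installed nmap:amd64 7.93+dfsg1-1
2024-03-02 18:40:11 upgrade openssl:amd64 3.0.9-1 3.0.11-1
2024-03-03 22:05:47 install netcat-traditional:amd64 <none> 1.10-47
EOF
}
sample_manual() { printf '%s\n' netcat-traditional nmap openssl; }

demo() {
    _tmp=$(mktemp)
    sample_manual > "$_tmp"
    sample_log | installs_with_time "$_tmp"
    rm -f "$_tmp"
}
demo
```

On a live system, replace the sample input with `zcat -f /var/log/dpkg.log*` on stdin and a file written by `apt-mark showmanual`.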