For a cyber security competition I participate in, I'm given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.
An older question, but here is a solution I came up with after finding this and a couple of other questions, for a slightly different task: trying to keep an up-to-date list of installed packages for system rebuilds. I found the following works pretty well:
comm -12 <(apt list --installed 2> /dev/null | cut -d '/' -f 1 | sort) <(history | grep -e "apt\(-get\)\? install" | grep -v -e "grep -e" | grep -v "./" | cut -d ' ' -f10 | sort)
This takes the list of all installed packages and compares it to the history for packages being installed.
I'm assuming that packages are not being installed by evil actors trying to hide their tracks. Also, apt list is a slightly nasty command to use in a script; however, it does seem to work for now.
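A more tolerant form of the comparison in the answer above, as an added example that is not part of the original post: it goes beyond the one-liner by reading every package named on each apt or apt-get install line instead of one fixed field, and by skipping options and local .deb paths. The function names and the sample history and installed list are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original answer. All sample data is constructed.
LC_ALL=C; export LC_ALL

# Print each package named in an apt/apt-get install command read on stdin.
requested_packages() {
  awk '{
    start = 0
    for (i = 1; i <= NF && !start; i++) {
      if ($i != "apt" && $i != "apt-get") continue
      j = i + 1
      while (j <= NF && $j ~ "^-") j++          # options before "install"
      if (j <= NF && $j == "install") start = j + 1
    }
    if (!start) next
    for (i = start; i <= NF; i++) {
      w = $i
      if (w == "&&" || w == "||" || w == "|" || w == ";") break
      if (w ~ "^-" || w ~ "^[.]?[.]?/" || w ~ "[.]deb$") continue
      last = sub(";$", "", w)                   # "pkg;" ends the command
      sub("[=:/].*$", "", w)                    # drop =version, :arch, /release
      if (w != "") print w
      if (last) break
    }
  }' | sort -u
}

# Keep the names on stdin that are exact lines of the installed list in file $1.
# On a real system: dpkg-query -W -f='${Package}\n' > installed.txt
still_installed() {
  grep -Fx -f "$1"
}

sample_history() {   # constructed history lines
  cat <<'EOF'
  101  sudo apt-get update
  102  sudo apt-get -y install nmap wireshark
  103  apt install ./local-tool.deb
  104  sudo apt install --no-install-recommends htop=3.2.2-2 && htop
  105  history | grep -e "apt\(-get\)\? install"
  106  sudo apt install netcat-traditional; nc -h
EOF
}

installed=$(mktemp)
printf '%s\n' bash htop nmap netcat-traditional > "$installed"   # constructed
sample_history | requested_packages | still_installed "$installed"
rm -f "$installed"
```

To run it against real data, pipe a saved history file into requested_packages in place of sample_history.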