Debian: Listing all user-installed packages?

后端 未结 9 1764
灰色年华
灰色年华 2021-02-04 03:39

For a cyber security competition I participate in, I\'m given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.

相关标签:
9条回答
  • 2021-02-04 04:17

    The following Bash command works for me in Debian 10 (buster). It prints all manually installed packages minus the ones that came from your Debian installation (in other words, the packages that you installed with apt install):

    sudo grep -oP "Unpacking \K[^: ]+" /var/log/installer/syslog \
      | sort -u | comm -13 /dev/stdin <(apt-mark showmanual | sort)
    

    sudo is needed to search through /var/log/installer/syslog. You could also save this installer package list somewhere else if you don't want to use sudo every time.

    0 讨论(0)
  • 2021-02-04 04:24

    This takes into account also packages installed with aptitude (not only apt install or apt-get install, like Benny Hill's answer which I based on):

    ( ( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon ; ( zcat $( ls -tr /var/log/aptitude.*.gz ) ; cat /var/log/aptitude ) ) | egrep '^Commandline:.*install|^\[INSTALL\]' | sed 's#Commandline: ##' | awk '/INSTALL/ { print $2 }; !/INSTALL/ { print $0 }; ' 1>installed_packages.txt
    

    Example output (the last line comes from aptitude logs):

    apt-get install nodejs
    apt install tidy
    mc:amd64
    
    0 讨论(0)
  • 2021-02-04 04:24

    I dont know if it's possible to distiguich between user installation and default package installation, because the only way to install package is to have ROOT privillages. but you cat get all package installed and their status in one file by executing this command

    dpkg --get-selections > installed_packages.txt
    
    0 讨论(0)
  • 2021-02-04 04:27

    Below is a line from a "health" script I run on my desktop every night. Besides gathering information from sensors, network usage, HDD temperature, etc. it also gets a list of all the software I've installed manually from the command line.

    I'm running Kubuntu 14.04.5 (Trusty) at the moment and I don't know the details of any differences between Ubuntu and Debian's package management but hopefully this will work for you as well as it does for me.

    ( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon | egrep '^Commandline:' | egrep 'install' 1>>installed_packages.txt
    
    0 讨论(0)
  • 2021-02-04 04:31

    This command may shorten your work:

    apt-mark showmanual
    

    It is supposed to show what packages were installed "manually". It is not 100% reliable though, as many automatically installed packages are flagged as manually installed (because of reasons too long to describe here).

    You may also (if allowed) run security tools such as clamav and/or rkhunter to scan your computer for malicious programs.

    0 讨论(0)
  • 2021-02-04 04:32

    All Packages

    Most all the code that I found for this question used a search from the history log:

    $ cat /var/log/apt/history.log | grep 'apt-get install '
    

    or listed all Debian Packages installed on the machine:

    $ dpkg --get-selections
    

    Manually Installed

    I found the above answers to be inadequate as my history log was incomplete and I didn't want to do the work to separate built-in packages with manually installed packages. However, this solution did the trick of showing only manually initiated installed packages. This one uses the log: /var/log/dpkg.log, and it should be executed as a bash script.

    #!/usr/bin/env bash
    parse_dpkg_log() {
      {
        for FN in `ls -1 /var/log/dpkg.log*` ; do
          CMD="cat"
          [ ${FN##*.} == "gz" ] && CMD="zcat" 
          $CMD $FN | egrep "[0-9] install" | awk '{print $4}' \
            | awk -F":" '{print $1}'
        done
      } | sort | uniq
    }
    
    list_installed=$(parse_dpkg_log)
    list_manual=$(apt-mark showmanual | sort)
    comm -12 <(echo "$list_installed") <(echo "$list_manual")
    

    I found the code here: https://gist.github.com/UniIsland/8878469

    0 讨论(0)
提交回复
热议问题