Debian: Listing all user-installed packages?

Question

For a cyber security competition I participate in, I\'m given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.

Answer 1

The following Bash command works for me in Debian 10 (buster). It prints all manually installed packages minus the ones that came from your Debian installation (in other words, the packages that you installed with apt install):

sudo grep -oP "Unpacking \K[^: ]+" /var/log/installer/syslog \
  | sort -u | comm -13 /dev/stdin <(apt-mark showmanual | sort)

sudo is needed to search through /var/log/installer/syslog. You could also save this installer package list somewhere else if you don't want to use sudo every time.

Answer 2

This takes into account also packages installed with aptitude (not only apt install or apt-get install, like Benny Hill's answer which I based on):

( ( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon ; ( zcat $( ls -tr /var/log/aptitude.*.gz ) ; cat /var/log/aptitude ) ) | egrep '^Commandline:.*install|^\[INSTALL\]' | sed 's#Commandline: ##' | awk '/INSTALL/ { print $2 }; !/INSTALL/ { print $0 }; ' 1>installed_packages.txt

Example output (the last line comes from aptitude logs):

apt-get install nodejs
apt install tidy
mc:amd64

Answer 3

I dont know if it's possible to distiguich between user installation and default package installation, because the only way to install package is to have ROOT privillages. but you cat get all package installed and their status in one file by executing this command

dpkg --get-selections > installed_packages.txt

Answer 4

Below is a line from a "health" script I run on my desktop every night. Besides gathering information from sensors, network usage, HDD temperature, etc. it also gets a list of all the software I've installed manually from the command line.

I'm running Kubuntu 14.04.5 (Trusty) at the moment and I don't know the details of any differences between Ubuntu and Debian's package management but hopefully this will work for you as well as it does for me.

( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon | egrep '^Commandline:' | egrep 'install' 1>>installed_packages.txt

Answer 5

This command may shorten your work:

apt-mark showmanual

It is supposed to show what packages were installed "manually". It is not 100% reliable though, as many automatically installed packages are flagged as manually installed (because of reasons too long to describe here).

You may also (if allowed) run security tools such as clamav and/or rkhunter to scan your computer for malicious programs.

Answer 6

All Packages

Most all the code that I found for this question used a search from the history log:

$ cat /var/log/apt/history.log | grep 'apt-get install '

or listed all Debian Packages installed on the machine:

$ dpkg --get-selections

Manually Installed

I found the above answers to be inadequate as my history log was incomplete and I didn't want to do the work to separate built-in packages with manually installed packages. However, this solution did the trick of showing only manually initiated installed packages. This one uses the log: /var/log/dpkg.log, and it should be executed as a bash script.

#!/usr/bin/env bash
parse_dpkg_log() {
  {
    for FN in `ls -1 /var/log/dpkg.log*` ; do
      CMD="cat"
      [ ${FN##*.} == "gz" ] && CMD="zcat" 
      $CMD $FN | egrep "[0-9] install" | awk '{print $4}' \
        | awk -F":" '{print $1}'
    done
  } | sort | uniq
}

list_installed=$(parse_dpkg_log)
list_manual=$(apt-mark showmanual | sort)
comm -12 <(echo "$list_installed") <(echo "$list_manual")

I found the code here: https://gist.github.com/UniIsland/8878469