'Listing all user-installed packages in Debian
For a cyber security competition I participate in, I'm given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.
In the past, I've used dpkg -l | grep [searchterm]
and a list of common packages to preform this task. However, this is extremely inefficient and time-consuming.
To speed up my task, is there a way to search through the list of packages installed on a system for which processes have been installed by a user and are not system "default" packages?
Solution 1:[1]
This command may shorten your work:
apt-mark showmanual
It is supposed to show what packages were installed "manually". It is not 100% reliable though, as many automatically installed packages are flagged as manually installed (because of reasons too long to describe here).
You may also (if allowed) run security tools such as clamav
and/or rkhunter
to scan your computer for malicious programs.
Solution 2:[2]
Below is a line from a "health" script I run on my desktop every night. Besides gathering information from sensors, network usage, HDD temperature, etc. it also gets a list of all the software I've installed manually from the command line.
I'm running Kubuntu 14.04.5 (Trusty) at the moment and I don't know the details of any differences between Ubuntu and Debian's package management, but hopefully this will work for you as well as it does for me.
( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon | egrep '^Commandline:' | egrep 'install' 1>>installed_packages.txt
Solution 3:[3]
All Packages
Most all the code that I found for this question used a search from the history log:
cat /var/log/apt/history.log | grep 'apt-get install '
or listed all Debian packages installed on the machine:
dpkg --get-selections
Manually Installed
I found the above answers to be inadequate as my history log was incomplete and I didn't want to do the work to separate built-in packages with manually installed packages. However, this solution did the trick of showing only manually initiated installed packages. This one uses the log: /var/log/dpkg.log
, and it should be executed as a Bash script.
#!/usr/bin/env bash
parse_dpkg_log() {
{
for FN in `ls -1 /var/log/dpkg.log*` ; do
CMD="cat"
[ ${FN##*.} == "gz" ] && CMD="zcat"
$CMD $FN | egrep "[0-9] install" | awk '{print $4}' \
| awk -F":" '{print $1}'
done
} | sort | uniq
}
list_installed=$(parse_dpkg_log)
list_manual=$(apt-mark showmanual | sort)
comm -12 <(echo "$list_installed") <(echo "$list_manual")
I found the code at list-manually-installed-packages.sh.
Solution 4:[4]
This takes into account also packages installed with aptitude
(not only apt install
or apt-get install
, like Benny Hill's answer which I based on):
( ( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon ; ( zcat $( ls -tr /var/log/aptitude.*.gz ) ; cat /var/log/aptitude ) ) | egrep '^Commandline:.*install|^\[INSTALL\]' | sed 's#Commandline: ##' | awk '/INSTALL/ { print $2 }; !/INSTALL/ { print $0 }; ' 1>installed_packages.txt
Example output (the last line comes from aptitude logs):
apt-get install nodejs
apt install tidy
mc:amd64
Solution 5:[5]
You may also look at the file /var/lib/apt/extended_states.
cat /var/lib/apt/extended_states | grep -B2 'Auto-Installed: 0'
This is useful if you want to know what was installed on an old partition.
Solution 6:[6]
The following Bash command works for me in Debian 10 (buster). It prints all manually installed packages minus the ones that came from your Debian installation (in other words, the packages that you installed with apt install
):
sudo grep -oP "Unpacking \K[^: ]+" /var/log/installer/syslog \
| sort -u | comm -13 /dev/stdin <(apt-mark showmanual | sort)
sudo
is needed to search through /var/log/installer/syslog
. You could also save this installer package list somewhere else if you don't want to use sudo
every time.
Solution 7:[7]
Someone wrote a program generate a list of all packages manually installed (by users, by admin/root, or both), as determined by the Debian package system. It inspects Debian's apt-history log, and then combines the reports from the apt-mark
program. Apt-mark includes packages which were manually installed via use of the 'dpkg' system directly by users, not just ones installed via users through their package manager utility (Apt, Synaptic, Software Center, etc.). If you lack the apt-mark utility, you can tell it do just do the history inspection instead.
See the GitHub page.
List User Installed Debian Packages Utility
List all packages manually installed (by users, by admin/root, or both), as determined by the Debian package system.
Solution 8:[8]
An older question but a solution I came up with after finding this and a couple of other questions for a slightly different task. Trying to keep up to date a list of installed packages for system rebuilds. I found the following works pretty well:
comm -12 <(apt list --installed 2> /dev/null | cut -d '/' -f 1 | sort) <(history | grep -e "apt\(-get\)\? install" | grep -v -e "grep -e" | grep -v "./" | cut -d ' ' -f10 | sort)
This takes the list of all installed packages and compares to the history for packages being installed.
I'm assuming that packages are not being installed by evil actors trying to hide their tracks. Also a slightly nasty command apt list in a script however it does seem to work for now.
Solution 9:[9]
I don’t know if it's possible to distinguish between user installation and default package installation, because the only way to install a package is to have root privileges. But you can get all packages installed and their status in one file by executing this command:
dpkg --get-selections > installed_packages.txt
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow