For a cyber security competition I participate in, I'm given a Debian virtual machine with many packages installed and asked to clean extraneous or malicious packages.
In the past, I've used dpkg -l | grep [searchterm] and a list of common packages to perform this task. However, this is extremely inefficient and time-consuming.
To speed up my task, is there any way to search through the list of packages installed on a system for which processes have been installed by a user and are not system "default" packages?
List Installed Packages with dpkg-query. dpkg-query is a command-line tool that can be used to display information about packages listed in the dpkg database. The command will display a list of all installed packages, including the package versions, architecture, and a short description.
Debian already comes with pre-approved sources to get packages from and this is how it installs all the base packages you see on your system (if a user did a net-install). On a Debian system, this sources file is the "/etc/apt/sources.
This command may shorten your work:
apt-mark showmanual
It is supposed to show what packages were installed "manually". It is not 100% reliable though, as many automatically installed packages are flagged as manually installed (because of reasons too long to describe here).
You may also (if allowed) run security tools such as clamav and/or rkhunter to scan your computer for malicious programs.
Below is a line from a "health" script I run on my desktop every night. Besides gathering information from sensors, network usage, HDD temperature, etc. it also gets a list of all the software I've installed manually from the command line.
I'm running Kubuntu 14.04.5 (Trusty) at the moment and I don't know the details of any differences between Ubuntu and Debian's package management but hopefully this will work for you as well as it does for me.
( zcat $( ls -tr /var/log/apt/history.log*.gz ) ; cat /var/log/apt/history.log ) | egrep '^(Start-Date:|Commandline:)' | grep -v aptdaemon | egrep '^Commandline:' | egrep 'install' 1>>installed_packages.txt
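Added example, not part of the original answers: a shell sketch of the same history-log approach that prints one dated package name per line instead of raw command lines, so the result can be compared against the output of apt-mark showmanual. The function names and the sample log are constructed for illustration; the log layout assumed is the Start-Date/Commandline stanza format the one-liner above filters on.

```shell
# Added example, not from the original answers. Sample data is constructed.

# Print every apt history log in DIR; unlike a bare zcat $(ls ...), this
# does not wait on stdin when no rotated .gz files exist.
read_history() {
    dir=${1:-/var/log/apt}
    for f in "$dir"/history.log*; do
        [ -f "$f" ] || continue
        case $f in *.gz) zcat "$f" ;; *) cat "$f" ;; esac
    done
}

# Read history text on stdin; print "date<TAB>package" for each package
# named on an "install" command line that did not come from aptdaemon.
manual_installs() {
    awk '
    /^Start-Date:/ { date = $2 }
    /^Commandline:/ {
        if ($2 == "aptdaemon") next
        in_pkgs = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-o" || $i == "-t" || $i == "-c") { i++; continue }
            if ($i ~ /^-/) continue            # other options
            if (!in_pkgs) { if ($i == "install") in_pkgs = 1; continue }
            pkg = $i
            sub(/[=\/].*/, "", pkg)            # drop =version or /release
            print date "\t" pkg
        }
    }'
}

# Constructed sample log used only to demonstrate the parser.
sample_log() {
    cat <<'EOF'
Start-Date: 2016-09-01  10:12:33
Commandline: apt-get install nmap john
Install: nmap:amd64 (6.40-0.2ubuntu1), john:amd64 (1.8.0-1)
End-Date: 2016-09-01  10:12:40

Start-Date: 2016-09-02  08:00:01
Commandline: aptdaemon role='role-commit-packages' sender=':1.87'

Start-Date: 2016-09-03  21:45:10
Commandline: apt-get -y -o Dpkg::Options::=--force-confold install netcat-traditional=1.10-40

Start-Date: 2016-09-04  09:30:00
Commandline: apt-get upgrade
EOF
}

sample_log | manual_installs
# On a real system: read_history | manual_installs | sort -u
```

The history logs only cover what apt itself recorded and what log rotation has kept, so packages installed directly with dpkg -i, or before the oldest retained log, will not appear.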