As DevOps engineers, we run into the following issues from time to time:
1. Required packages are not installed.
2. The wrong version is installed.
3. Extra packages are installed, which leads to conflicts, etc.

In practice, troubleshooting comes down to figuring out which suspicious packages are installed. It's quite boring and fruitless. To avoid this, people tend to manage environments with tools like Chef or Puppet. However, during the development cycle we still see this issue happen again and again.
Is there any way we can easily detect suspicious package actions?
- It would help if we could list all package installation and removal actions.
- Packages installed after OS installation are the ones we should pay more attention to.
Fortunately, Linux provides this kind of facility. Take Ubuntu as an example.
For Question 1: from /var/log/apt/history.log, we can dig out the history of package installation and removal, as shown below.
```
Start-Date: 2016-06-13 05:39:02
Commandline: aptdaemon role='role-commit-packages' sender=':1.166'
Install: linux-headers-4.2.0-38-generic:amd64 (4.2.0-38.45~14.04.1), ...
Upgrade: linux-generic-lts-wily:amd64 (126.96.36.199.29, 188.8.131.52.31), ...
End-Date: 2016-06-13 05:44:24

Start-Date: 2016-06-27 09:39:53
Commandline: aptdaemon role='role-commit-packages' sender=':1.11575'
Upgrade: grub-common:amd64 (2.02~beta2-9ubuntu1.7, 2.02~beta2-9ubuntu1.8), ...
End-Date: 2016-06-27 09:40:44

Start-Date: 2016-06-27 09:40:53
Commandline: aptdaemon role='role-commit-packages' sender=':1.11575'
Upgrade: dpkg:amd64 (1.17.5ubuntu5.6, 1.17.5ubuntu5.7), ...
End-Date: 2016-06-27 09:41:03
```
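To turn that log into one reviewable line per package action, here is a small parser, added as an example and not part of the original post. The names `parse_history` and `read_logs` and the embedded sample entries are constructed for illustration; the script also assumes rotated copies of the log are stored next to it as `.gz` files.

```python
import glob
import gzip
import re

# Constructed sample in the layout of /var/log/apt/history.log (not real host data).
SAMPLE = """\
Start-Date: 2016-06-27 09:40:53
Commandline: apt-get install -y nmap
Install: nmap:amd64 (6.40-0.2ubuntu1), libpcap0.8:amd64 (1.5.3-2, automatic)
End-Date: 2016-06-27 09:41:03

Start-Date: 2016-06-28 10:00:00
Commandline: aptdaemon role='role-commit-packages' sender=':1.11575'
Upgrade: dpkg:amd64 (1.17.5ubuntu5.6, 1.17.5ubuntu5.7)
Remove: telnet:amd64 (0.17-36build2)
End-Date: 2016-06-28 10:00:09
"""

ACTIONS = ("Install", "Reinstall", "Upgrade", "Downgrade", "Remove", "Purge")
# One item is "name:arch (details)". The details may contain commas
# ("old, new" or "version, automatic"), so match whole items, never split on ",".
ITEM = re.compile(r"(\S+) \(([^)]*)\)")

def parse_history(text):
    """Return one record per package action found in apt history text."""
    records, entry = [], {"when": "?", "cmd": ""}
    for line in text.splitlines():
        key, _, value = line.partition(": ")
        if key == "Start-Date":  # a new transaction begins
            entry = {"when": " ".join(value.split()), "cmd": ""}
        elif key == "Commandline":
            entry["cmd"] = value.strip()
        elif key in ACTIONS:
            for package, details in ITEM.findall(value):
                records.append(dict(entry, action=key, package=package, details=details))
    return records

def read_logs(pattern="/var/log/apt/history.log*"):
    """Return the text of the live log plus any rotated .gz copies."""
    text = ""
    for path in glob.glob(pattern):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            text += fh.read() + "\n"
    return text

if __name__ == "__main__":
    for r in sorted(parse_history(read_logs() or SAMPLE), key=lambda r: r["when"]):
        print(r["when"], r["action"], r["package"], f"({r['details']})", "<-", r["cmd"])
```

Run on a host, it prints every recorded action in time order together with the command line that triggered it; on a machine without apt logs it falls back to the constructed sample.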
For Question 2: we can list all installed packages by running the command “dpkg -l”. If we run this command just after OS installation, we get the default package list. If we run it now, we get the current package list. By diffing these two lists, we can tell which packages have been installed since OS installation.