Advanced Package Management with APT on Debian and Ubuntu
Maintaining an up-to-date inventory of server software is not just a matter of order, but a pillar of cybersecurity. Find out how to use apt list installed packages and other essential commands for auditing, troubleshooting, and infrastructure automation.
Key Points of the Article
- Security Audit: Why listing installed packages is the first step in vulnerability assessment.
- APT and DPKG syntax: Technical guidance to
apt list,apt showcommands and low-level alternatives. - Filtering and Automation: How to use
grepand scripts to handle complex outputs. - Debian vs Ubuntu: Nuances in package management between the two major distributions.
The Strategic Importance of Package Management in Server Infrastructure
For a CTO or System Administrator, knowing exactly what is running on their servers is critical. An unmaintained Linux server accumulates "technical debt" in the form of unused packages, obsolete libraries, or unpatched software.
The ability to query the package database (via Advanced Package Tool or APT) allows you to:
- Guarantee Compliance: Verify that only approved software versions are installed.
- Accelerate Troubleshooting: Quickly identify version conflicts after an upgrade.
- Replicate Environments: Create package lists to clone staging production environments.
The command apt list installed packages: Syntax and Usage
The primary command for getting a system overview on Debian-based distributions (such as Ubuntu, Linux Mint, Kali) is apt list. Although it may seem trivial, its power lies in its filtering options.
View all installed packages
To generate a complete list of packages on the system, the standard command is:
apt list --installedThis command returns a list that includes the package name, version, architecture, and status. However, on production servers with thousands of libraries, the output can be difficult to read.
Filter output for specific searches
often, the need is to check for specific software (e.g., nginx or python). In these cases, pipe to grep is the industry standard:
apt list --installed | grep nginxPro Tip:To prevent the system from "cutting" long versions or package names when the output is not an interactive terminal, it is useful to combine commands with redirects to files for later analysis.
In-depth analysis: apt show and apt check
Once a package has been identified with apt list, it is often necessary to understand its details: dependencies, installed size, and maintainer. This is where apt show and related commands come into play.
Use apt show installed packages
To get the complete metadata of a package, we use:
apt show [package_name]This is crucial when deciding whether to upgrade, as it shows the description, the source (repository), and dependencies that might break (Break/Conflicts).
Integrity check: apt check
The apt check command is an often underestimated diagnostic tool. It allows you to refresh the cache and check for broken dependencies without installing anything. It is a "safe" command to run in automated monitoring scripts.
Do you want to sleep soundly with your servers?
Managing a Mail Server or critical Linux infrastructure takes time and vertical expertise. A configuration error can cost hours of downtime.
Alternatives Tools: DPKG and Aptitude
Although APT is the recommended user interface, there are lower-level tools or alternative interfaces that offer different functionality, useful in scripting or recovery contexts.
dpkg list installed packages
dpkg is Debian's backend package manager. The dpkg --list command (or dpkg -l) provides very clean tabular output, ideal for being parsed by scripts.
Example use to export the list of packages (useful for migrations):
dpkg --get-selections > installed_packages.txtThis list can then be used on another server to replicate the installation with dpkg --set-selections.
Aptitude: The interactive interface
aptitude offers an ncurses-based interface but also powerful line commands. Searching is often more flexible with "search patterns".
aptitude search '~i'The above command lists all installed packages (~i). Aptitude is excellent for handling complex dependency conflicts that APT sometimes fails to resolve automatically.
Security Audit: Updateable and Obsolete Packages
From a security perspective, knowing what is installed is only half the battle. You need to know what's vulnerable.
- Check for updates:
apt list --upgradableimmediately shows which packages have newer versions in the configured repositories. - Orphaned packages: Using tools such as
deborphanor theapt autoremovecommand, you can clean your system of libraries you no longer need, reducing the attack surface.
Package Management: Debian vs Ubuntu
Although they share the same core (APT/DPKG), Debian and Ubuntu manage packages slightly differently, especially with regard to "non-free" or "universe" repositories.
In Ubuntu, it is common to find packages also distributed via Snap. It is important to note that apt list installed packages will not show Snap packages. For a complete view on Ubuntu, an administrator must combine:
apt list --installed && snap listOn Debian, system purity is prioritized and the use of Snap or Flatpak is optional and less pervasive, making apt (or apt-get) the almost absolute source of truth. To learn more about Debian's policies, you should consult the Debian Administrator's Handbook.
Frequently Asked Questions (FAQ)
What is the difference between apt list and apt-get list?
In fact, apt-get does not have a direct "list" command equivalent. apt was introduced as a more "end-user" friendly tool that combines functionality of apt-get and apt-cache. For scripts, we still tend to prefer dpkg or apt-get for output stability, while apt is for interactive use.
How can I count how many packages are installed?
You can concatenate the list command with a line counter: apt list --installed | wc -l. Remember to subtract 1 from the total result, since the first line is usually a header ("Listing...").
How to export the list of installed packages to a file?
Use the standard Linux redirection: apt list --installed > list_packages.txt. This file can be sent to your support team or used for documentation.
Does the apt show command display uninstalled packages?
Yes, apt show displays information about the packages in the configured repositories, regardless of whether they are installed on your local system or not.