Package Management
Install tools. Manage dependencies. Maintain operational capability.
CLASSIFIED SCENARIO
You've secured access to a seized system but it lacks forensic tools. Your mission: install the necessary analysis packages without triggering alerts, verify what's already installed, and ensure the system is updated to prevent exploitation of known vulnerabilities. Work quietly - package manager logs can reveal your activities.
Why Package Management Matters
Package management is essential for both offensive and defensive operations:
- Tool deployment - Install reconnaissance and analysis tools
- Vulnerability assessment - Check for outdated, vulnerable packages
- Forensic readiness - Deploy investigation tools on seized systems
- Supply chain awareness - Understand where packages come from
- Operational security - Package managers create logs of every transaction
Package Security Considerations
- apt logs everything - /var/log/apt/history.log reveals installs
- Outdated packages = vulnerabilities - apt list --upgradable
- Repository trust - Only use verified repos (GPG signed)
- Dependencies can be backdoored - Supply chain attacks
- Offline installation - dpkg -i for air-gapped systems
Core Package Commands
apt
Advanced Package Tool. High-level interface for installing, updating, and removing packages.
dpkg
Low-level package manager. Install .deb files directly, query package database.
apt-cache
Query package cache. Search for packages, show dependencies.
Command Deep Dive
apt update & upgrade
$ sudo apt update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done
Building dependency tree... Done
42 packages can be upgraded.
$ apt list --upgradable
openssh-server/focal-security 1:8.2p1-4ubuntu0.5 amd64 [upgradable from: 1:8.2p1-4ubuntu0.3]
nginx/focal-security 1.18.0-0ubuntu1.4 amd64 [upgradable from: 1.18.0-0ubuntu1.2]
[VULN] OpenSSH and nginx have security updates available!
[ACTION] sudo apt upgrade to patch vulnerabilities
apt install - Deploy Tools
$ sudo apt install nmap tcpdump wireshark -y
Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
nmap tcpdump wireshark wireshark-common
0 upgraded, 4 newly installed, 0 to remove
[INSTALLED] nmap - Network scanner
[INSTALLED] tcpdump - Packet capture
[INSTALLED] wireshark - Traffic analysis
[LOGGED] Installation recorded in /var/log/apt/history.log
dpkg - Query Installed Packages
$ dpkg -l | grep ssh
ii openssh-client 1:8.2p1-4ubuntu0.5 amd64 secure shell (SSH) client
ii openssh-server 1:8.2p1-4ubuntu0.5 amd64 secure shell (SSH) server
ii openssh-sftp-server 1:8.2p1-4ubuntu0.5 amd64 secure shell (SSH) sftp server
[INTEL] SSH packages installed and versions identified
apt-cache search - Find Packages
$ apt-cache search forensic
autopsy - graphical interface to SleuthKit
foremost - forensic program to recover lost files
sleuthkit - tools for forensics analysis
testdisk - partition scanner and disk recovery tool
[OPTIONS] Multiple forensic tools available
[RECOMMEND] sleuthkit + autopsy for disk forensics
Quick Reference
| Command | Purpose | Notes |
|---|---|---|
| apt update | Refresh package lists | Run before install/upgrade |
| apt upgrade | Upgrade all packages | -y for auto-yes |
| apt install pkg | Install package | -y for auto-yes |
| apt remove pkg | Remove package | --purge removes config |
| apt-cache search term | Search packages | Search by name/description |
| dpkg -l | List installed packages | Pipe to grep to filter |
| dpkg -i file.deb | Install .deb file | Offline installation |
Forensic Tool Deployment
# === FORENSIC TOOLKIT DEPLOYMENT ===
$ sudo apt update # 1. Refresh repos
$ apt-cache search forensic # 2. Find tools
$ sudo apt install sleuthkit autopsy -y # 3. Install forensics
$ sudo apt install nmap tcpdump -y # 4. Install network tools
$ dpkg -l | grep -E "nmap|tcpdump|sleuth" # 5. Verify installation
# OPSEC: Clear logs after operation
# sudo truncate -s 0 /var/log/apt/history.log
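The deployment sequence above, and the installs earlier in the lesson, all land in /var/log/apt/history.log. As an added example that is not part of the lesson, the shell function below parses that log's transaction format into one line per action so a responder or auditor can reconstruct what was installed, upgraded or removed, by whom, and when; it assumes the standard Debian/Ubuntu history.log layout, and the sample log embedded in it is constructed (versions and dates are made up).

```shell
#!/bin/sh
# Added example (not from the lesson): summarise the transactions apt records
# in /var/log/apt/history.log. Assumes the standard Debian/Ubuntu log layout.

# Constructed sample in history.log format (package names echo the lesson;
# versions, user and dates are made up).
SAMPLE_LOG='Start-Date: 2024-01-15  10:23:45
Commandline: apt install nmap tcpdump wireshark -y
Requested-By: analyst (1000)
Install: nmap:amd64 (7.80+dfsg1-2build1), tcpdump:amd64 (4.9.3-4ubuntu0.1), wireshark:amd64 (3.2.3-1), wireshark-common:amd64 (3.2.3-1, automatic)
End-Date: 2024-01-15  10:24:10

Start-Date: 2024-01-15  11:02:07
Commandline: apt upgrade -y
Upgrade: openssh-server:amd64 (1:8.2p1-4ubuntu0.3, 1:8.2p1-4ubuntu0.5), nginx:amd64 (1.18.0-0ubuntu1.2, 1.18.0-0ubuntu1.4)
End-Date: 2024-01-15  11:03:30
'

# apt_history_summary <history.log>
# Prints one line per transaction: "<date> <time> <requester> <Action>: pkg,pkg".
# Packages apt pulled in only as dependencies carry the "automatic" flag and
# are skipped, so the output lists what was explicitly requested. Transactions
# with no Requested-By line (e.g. unattended upgrades) are reported as "unknown".
apt_history_summary() {
    awk '
        /^Start-Date:/   { date = $2 " " $3; who = "unknown" }
        /^Requested-By:/ { who = $2 }
        /^(Install|Upgrade|Remove|Purge):/ {
            action = substr($1, 1, length($1) - 1)   # strip trailing ":"
            rest = substr($0, index($0, " ") + 1)    # text after "Action: "
            n = split(rest, entries, "\\), *")       # each entry ends with ")"
            pkgs = ""
            for (i = 1; i <= n; i++) {
                if (entries[i] ~ /automatic/) continue
                split(entries[i], parts, ":")        # "pkg:arch (ver" -> pkg
                pkgs = pkgs (pkgs == "" ? "" : ",") parts[1]
            }
            if (pkgs != "") print date, who, action ": " pkgs
        }
    ' "$1"
}

# Stand-alone demo: run the parser over the constructed sample.
tmp=$(mktemp)
printf '%s' "$SAMPLE_LOG" > "$tmp"
apt_history_summary "$tmp"
rm -f "$tmp"
```

On a real host run `apt_history_summary /var/log/apt/history.log`; /var/log/dpkg.log keeps a separate per-package record of the same operations, so a reviewer should compare both rather than trust either file alone.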
Ready to Deploy Your Toolkit?
Test your package management skills, then equip the seized system.