Just a short post about some useful cleanup commands for Debian and Ubuntu systems. There is (to my knowledge) no built-in task that handles the following:

  • Remove old kernels (while keeping the currently running and the latest)
  • Purge removed packages (especially after autoremoving unneeded dependencies)


Remove old kernels

Debian and Ubuntu don’t remove old kernels when upgrading. Although this of course makes sense to keep the system bootable in case of a broken kernel, it can fill up /boot pretty quickly. Usually it should be sufficient to keep the currently running kernel, as well as the latest one. The rest can be safely deleted. This can be done with the following command:

apt-get purge $(dpkg --list |grep -E 'linux-image-[0-9]' |awk '{print $3,$2}' |sort -rV |tail -n +2 |grep -vF "$(uname -r)" |awk '{print $2}')

A short explanation

apt-get purge               remove packages (and purge configuration) selected by the following lines
dpkg --list                 list installed packages
grep -E 'linux-image-[0-9]' grep installed kernels
awk '{print $3,$2}'         we need the version, as well as the package name
sort -rV                    sort by version, newest first (version-aware, so 4.15 ranks above 4.9)
tail -n +2                  filter out latest kernel
grep -vF "$(uname -r)"      filter out currently running kernel (failsafe), matched as a fixed string
awk '{print $2}'            cut everything but the package name
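
Because this pipeline feeds straight into a root-level purge, it helps to see what it would select before anything is removed. The following is an added example, not the post's own script: it wraps the same selection logic in a function and runs it as a dry run. The function names and the sample dpkg output are constructed for illustration, and it assumes GNU sort for the -V option.

```shell
#!/bin/sh
# Added example (not the post's own script): dry-run selection of old kernels.
# select_old_kernels reads `dpkg --list` output on stdin; $1 is the running
# kernel release as printed by `uname -r`. It prints the packages to purge.

select_old_kernels() {
    running="$1"
    # Fail closed: without a running release we cannot protect that kernel.
    [ -n "$running" ] || return 1
    # 1. keep only fully installed (ii) versioned kernel images; "rc" entries
    #    are left to the "purge removed packages" step
    # 2. version-aware sort (GNU sort -V), newest first
    # 3. skip line 1 (the newest) and any package containing the running
    #    release, compared as a fixed string rather than a regex
    awk '$1 == "ii" && $2 ~ /^linux-image-[0-9]/ { print $3, $2 }' |
        sort -rV |
        awk -v run="$running" 'NR > 1 && index($2, run) == 0 { print $2 }'
}

# Constructed sample of `dpkg --list` output (not taken from a real host).
sample_dpkg_list() {
    cat <<'EOF'
ii  linux-image-4.15.0-99-generic   4.15.0-99.100   amd64  Signed kernel image generic
ii  linux-image-4.15.0-101-generic  4.15.0-101.102  amd64  Signed kernel image generic
ii  linux-image-4.15.0-112-generic  4.15.0-112.113  amd64  Signed kernel image generic
rc  linux-image-4.15.0-20-generic   4.15.0-20.21    amd64  Signed kernel image generic
ii  linux-image-generic             4.15.0.112.100  amd64  Generic Linux kernel image
EOF
}

# Dry run against the sample, pretending 4.15.0-101 is the running kernel.
echo "would purge:"
sample_dpkg_list | select_old_kernels "4.15.0-101-generic"

# On a real system, review the list first, then simulate the purge:
#   dpkg --list | select_old_kernels "$(uname -r)"
#   apt-get -s purge $(dpkg --list | select_old_kernels "$(uname -r)")
```

With the sample above, only linux-image-4.15.0-99-generic is selected: 4.15.0-112 is kept as the newest, 4.15.0-101 as the running kernel. A plain numeric sort would have ranked 4.15.0-99 above 4.15.0-112.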

Purge removed packages

If you remove a package using

apt-get remove <packagename>

the package's configuration will be retained. Also, when autoremoving unneeded dependencies, apt-get by default removes packages instead of purging them.

To clean up your system and purge all packages that have been removed from the system, along with their dependencies, use this command:

apt-get autoremove -y; apt-get purge -y $(dpkg --list |grep '^rc' |awk '{print $2}')


apt-get autoremove -y  remove all dependencies no longer required
apt-get purge -y       purge packages selected with the following lines
dpkg --list            list installed packages
grep '^rc'             grep packages removed, but not purged (rc)
awk '{print $2}'       cut everything but the package name

Chef cookbook

Furthermore, I created the apt_cleanup Chef cookbook, which provides recipes to do all those tasks automatically.

For a convenient auto-cleanup, the following recipes can be used


Includes all other cleanup recipes


Removes all old kernels except the most recent one and the currently used one.


Runs apt-get autoremove to remove packages not required anymore.


Purges already removed packages, to get rid of e.g. old config files.


Runs apt-get clean to remove .dpkg files from /var/cache/apt/archives.

Saltstack formula

UPDATE 15th Oct. 2018: I’ve also created a salt formula to take care of cleaning up.

Either run it to clean up packages immediately:

# Clean up packages on this system
sudo salt-call state.apply apt.cleanup.now

# Clean up packages on all nodes
sudo salt '*' state.apply apt.cleanup.now

Or install a systemd timer that runs the cleanup once a day:

# Set up systemd timer to automatically clean packages once a day
sudo salt-call state.apply apt.cleanup

# Respectively, to install it on all nodes
sudo salt '*' state.apply apt.cleanup

Unlike Chef, Saltstack doesn’t run periodically. To run the cleanup scripts regularly (e.g. daily), the apt.cleanup state installs a systemd service and timer that clean up your system automatically on a daily basis. Feel free to use the provided apt-cleanup.service and apt-cleanup.timer files independently of Saltstack!