How to check who installed what in the system?

How can I know:

1. What packages were installed in the system?
2. The user who installed them?

You can check your package selections (install packages) using:

dpkg-query -l

Read more: https://wiki.debian.org/ListInstalledPackages

@mook765 stated that "You could find out which user requested an install by checking in /var/log/apt/history.log and related archives /var/log/apt/history.log.#.gz"

how far back do you want to go?

check this log:

grep " install " /var/log/dpkg.log

the one before:

grep " install " /var/log/dpkg.log.1

or archive:

zgrep " install " /var/log/dpkg.log.2.gz

Now that you have timestamps, check against this list's timestamps:

grep sudo /var/log/auth.log

(you can actually just do it all from this last command)

But, if you have a lot to sort through...its easier to know what times you are looking for by checking dpkg logs.

Some commands to get this info from the logs suggested by others, to save sifting through the entire logs

zgrep -B1 Install /var/log/apt/history*

sample of output:

/var/log/apt/history.log.4.gz:Requested-By: zanna (1000)
/var/log/apt/history.log.4.gz:Install: powertop:amd64 (2.8-1build1)

or

zgrep 'sudo.*install ' /var/log/auth*

sample of output:

/var/log/auth.log.3.gz:Sep 18 07:09:28 monster sudo:    zanna : TTY=pts/1 ; PWD=/home/zanna/Downloads ; USER=root ; COMMAND=/usr/bin/apt install jq

tee or > out to a file for easier browsing, eg

zgrep -B1 Install /var/log/apt/history* > ~/install.log