Keeping your CentOS system up to date with the latest security updates is one of the most important parts of overall system security. If you don’t update your operating system’s packages with the latest security patches, your machine will be vulnerable to attacks.
The recommended approach is to automate the updates with yum-cron. Another option is to manually update the system.
In this tutorial, we will show you how to manually update system packages on CentOS 7. The same instructions apply for CentOS 6.
To install and update packages you need to be logged in as root or a user with sudo privileges.
Updating Packages on CentOS
RPM is a packaging system used by Red Hat and its derivatives such as CentOS.
Yum is the default package manager tool in CentOS. It is used to install, remove, download, query and update packages from the official CentOS repositories as well as other third-party repositories.
Before running the update you can check for available updates using the following command:
sudo yum check-update
The output will contain a list of all packages that are available for update:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.s.uw.edu
 * centos-sclo-rh: centos.s.uw.edu
 * centos-sclo-sclo: centos.s.uw.edu
 * epel: mirror.cherryservers.com
 * extras: centos.s.uw.edu
 * updates: centos.s.uw.edu

bind-libs-lite.x86_64               32:9.9.4-74.el7_6.2        updates
bind-license.noarch                 32:9.9.4-74.el7_6.2        updates
curl.x86_64                         7.29.0-51.el7_6.3          updates
device-mapper.x86_64                7:1.02.149-10.el7_6.8      updates
device-mapper-event.x86_64          7:1.02.149-10.el7_6.8      updates
device-mapper-event-libs.x86_64     7:1.02.149-10.el7_6.8      updates
device-mapper-libs.x86_64           7:1.02.149-10.el7_6.8      updates
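For unattended checks (cron or a monitoring agent), the same command can be read by a script. The following is an added example, not part of the original tutorial: it relies on the exit codes documented for yum check-update (0 for no updates, 100 for updates available, 1 for an error) and parses output in the format shown above. The function names, the architecture list and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial).

# Map the documented `yum check-update` exit codes to a status word.
update_status() {
  case "$1" in
    0)   echo "up-to-date" ;;
    100) echo "updates-available" ;;
    *)   echo "error" ;;
  esac
}

# Read `yum check-update` output on stdin and print one
# "name.arch version repo" line per pending package.
parse_pending() {
  awk '
    /^Obsoleting Packages/ { exit }            # not plain updates; stop here
    held != "" && NF == 2  { print held, $1, $2; held = ""; next }
    { held = "" }
    $1 !~ /\.(x86_64|i686|noarch)$/ { next }   # skips plugin and mirror header lines
    NF == 3 { print $1, $2, $3 }
    NF == 1 { held = $1 }                      # long name wrapped onto two lines
  '
}

# Run the real check (needs yum): status word first, then pending packages.
pending_report() {
  rc=0
  out=$(yum -q check-update 2>/dev/null) || rc=$?
  update_status "$rc"
  if [ "$rc" -eq 100 ]; then printf '%s\n' "$out" | parse_pending; fi
}

# Constructed sample: header and package lines in the format shown above,
# plus one hypothetical long package name that yum wraps onto two lines.
sample_output() {
  cat <<'EOF'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.s.uw.edu
 * updates: centos.s.uw.edu

curl.x86_64                      7.29.0-51.el7_6.3          updates
example-very-long-package-name.noarch
                                 1.0-1.el7                  updates
EOF
}
```

Call pending_report on a CentOS host, or run sample_output | parse_pending to see the parsing without yum installed.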
To update a single package use the yum install command followed by the name of the package you want to update. For example, to update only the curl package you would run:
sudo yum install curl
Yum will give you a summary of the packages that will be updated and prompt you for confirmation. Answer y and the packages will be updated.
Dependencies Resolved

================================================================================
 Package         Arch           Version                    Repository      Size
================================================================================
Updating:
 curl            x86_64         7.29.0-51.el7_6.3          updates        269 k
Updating for dependencies:
 libcurl         x86_64         7.29.0-51.el7_6.3          updates        222 k

Transaction Summary
================================================================================
Upgrade  1 Package (+1 Dependent package)

Total download size: 492 k
Is this ok [y/d/N]:
To update all packages use the yum update command:
sudo yum update
The command will update the repositories and give you a list of all packages that can be updated. When prompted type y to continue.
Prevent Packages From Being Updated
Sometimes you may want to restrict a package from being updated to a newer version. The Yum plugin versionlock allows you to lock packages to a specific version.
The plugin is not installed by default so first, you’ll need to install it:
sudo yum install yum-plugin-versionlock
During the installation, two files will be created on your system in the /etc/yum/pluginconf.d directory: the configuration file versionlock.conf and the file versionlock.list, which contains the locked packages. By default, no packages are listed in this file.
To lock a version of a package you can either manually add the package name in the file or use the yum versionlock command followed by the package name. For example, to prevent all PHP packages (all packages starting with "php-") from being updated you would run:
sudo yum versionlock 'php-*'
This will lock the PHP packages to the current version.
Viewing Yum logs
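Yum logs package installations and updates to the /var/log/yum.log file. To view the most recent entries, use the tail command:
sudo tail /var/log/yum.log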
The output will include records of package installations and updates:
Jul 23 16:00:04 Installed: 7:squid-3.5.20-12.el7_6.1.x86_64
Jul 31 22:27:16 Updated: libcurl-7.29.0-51.el7_6.3.x86_64
Jul 31 22:27:16 Updated: curl-7.29.0-51.el7_6.3.x86_64
Installing updates and keeping your CentOS system up to date is pretty straightforward, but if you manage multiple CentOS machines, it may be time-consuming and you may sometimes overlook an important update. The best option is to set up automatic updates.