How to Install Updates on CentOS 7

Keeping your CentOS system up to date with the latest security updates is one of the most important parts of overall system security. If you don’t update your operating system’s packages with the latest security patches, your machine will be vulnerable to attacks.

The recommended approach is to automate the updates with yum-cron . Another option is to manually update the system.

In this tutorial, we will show you how to manually update system packages on CentOS 7. The same instructions apply for CentOS 6.

Prerequisites #

To install and update packages you need to be logged in as root or a user with sudo privileges .

Updating Packages on CentOS #

RPM is a packaging system used by Red Hat and its derivatives such as CentOS.

Yum is the default package manager tool in CentOS. It is used to install, remove, download, query and update packages from the official CentOS repositories as well as other third-party repositories.

Before running the update you can check for available updates using the following command:

sudo yum check-update

The output will contain a list of all packages that are available for update:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.s.uw.edu
 * centos-sclo-rh: centos.s.uw.edu
 * centos-sclo-sclo: centos.s.uw.edu
 * epel: mirror.cherryservers.com
 * extras: centos.s.uw.edu
 * updates: centos.s.uw.edu

bind-libs-lite.x86_64                    32:9.9.4-74.el7_6.2             updates
bind-license.noarch                      32:9.9.4-74.el7_6.2             updates
curl.x86_64                              7.29.0-51.el7_6.3               updates
device-mapper.x86_64                     7:1.02.149-10.el7_6.8           updates
device-mapper-event.x86_64               7:1.02.149-10.el7_6.8           updates
device-mapper-event-libs.x86_64          7:1.02.149-10.el7_6.8           updates
device-mapper-libs.x86_64                7:1.02.149-10.el7_6.8           updates

To update a single package use the yum install command followed by the name of the package you want to update. For example, to update only the curl package you would run:

sudo yum install curl

Yum will give you a summary of the packages that will be updated and prompt you for confirmation. Answer y and the packages will be updated.

Dependencies Resolved

================================================================================
 Package         Arch           Version                   Repository       Size
================================================================================
Updating:
 curl            x86_64         7.29.0-51.el7_6.3         updates         269 k
Updating for dependencies:
 libcurl         x86_64         7.29.0-51.el7_6.3         updates         222 k

Transaction Summary
================================================================================
Upgrade  1 Package (+1 Dependent package)

Total download size: 492 k
Is this ok [y/d/N]:

To update all packages use the yum update command:

sudo yum update

The command will update the repositories and give you a list of all packages that can be updated. When prompted type y to continue.

Prevent Packages From Being Updated #

Sometimes you may want to restrict a package from being updated to a newer version. The Yum plugin versionlock allows you to lock packages to a specific version.

The plugin is not installed by default so first, you’ll need to install it:

sudo install yum-plugin-versionlock

During the installation two configuration files will be created on your system, stored in the /etc/yum/pluginconf.d directory. The configuration file versionlock.conf and the file versionlock.list containing the locked packages. By default, no packages are listed in this file.

To lock a version of a package you can either manually add the package name in the file or use the yum versionlock command followed by the package name. For example, to prevent all PHP packages (all packages starting with “php-”) from being updated you would run:

sudo yum versionlock php-*

This will lock the PHP packages to the current version.

Viewing Yum logs #

The history of the packages installed and updated with yum is logged in the /var/log/yum file. You can view the latest records using the cat or tail command:

sudo tail /var/log/yum.log

The output will include records about the packages installations and updates:

Jul 23 16:00:04 Installed: 7:squid-3.5.20-12.el7_6.1.x86_64
Jul 31 22:27:16 Updated: libcurl-7.29.0-51.el7_6.3.x86_64
Jul 31 22:27:16 Updated: curl-7.29.0-51.el7_6.3.x86_64

Conclusion #

Installing updates and keeping your CentOS system up-to-date is pretty straightforward but if you manage multiple CentOS machines, it may be time-consuming and sometimes you may overlook an important update. The best option is to set up automatic updates.

If you have any questions or feedback, feel free to leave a comment.