How to Install Updates on CentOS 7
Updated on
•6 min read

Keeping your CentOS system up to date with the latest security updates is one of the most important parts of overall system security. If you don’t update your operating system’s packages with the latest security patches, your machine will be vulnerable to attacks.
The recommended approach is to automate the updates with yum-cron
. Another option is to manually update the system.
In this tutorial, we will show you how to manually update system packages on CentOS 7. The same instructions apply for CentOS 6.
Prerequisites
To install and update packages you need to be logged in as root or a user with sudo privileges .
Updating Packages on CentOS
RPM is a packaging system used by Red Hat and its derivatives such as CentOS.
Yum is the default package manager tool in CentOS. It is used to install, remove, download, query and update packages from the official CentOS repositories as well as other third-party repositories.
Before running the update you can check for available updates using the following command:
sudo yum check-update
The output will contain a list of all packages that are available for update:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.s.uw.edu
* centos-sclo-rh: centos.s.uw.edu
* centos-sclo-sclo: centos.s.uw.edu
* epel: mirror.cherryservers.com
* extras: centos.s.uw.edu
* updates: centos.s.uw.edu
bind-libs-lite.x86_64 32:9.9.4-74.el7_6.2 updates
bind-license.noarch 32:9.9.4-74.el7_6.2 updates
curl.x86_64 7.29.0-51.el7_6.3 updates
device-mapper.x86_64 7:1.02.149-10.el7_6.8 updates
device-mapper-event.x86_64 7:1.02.149-10.el7_6.8 updates
device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.8 updates
device-mapper-libs.x86_64 7:1.02.149-10.el7_6.8 updates
To update a single package use the yum install
command followed by the name of the package you want to update. For example, to update only the curl
package you would run:
sudo yum install curl
Yum will give you a summary of the packages that will be updated and prompt you for confirmation. Answer y
and the packages will be updated.
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
curl x86_64 7.29.0-51.el7_6.3 updates 269 k
Updating for dependencies:
libcurl x86_64 7.29.0-51.el7_6.3 updates 222 k
Transaction Summary
================================================================================
Upgrade 1 Package (+1 Dependent package)
Total download size: 492 k
Is this ok [y/d/N]:
To update all packages use the yum update
command:
sudo yum update
The command will update the repositories and give you a list of all packages that can be updated. When prompted type y
to continue.
Prevent Packages From Being Updated
Sometimes you may want to restrict a package from being updated to a newer version. The Yum plugin versionlock
allows you to lock packages to a specific version.
The plugin is not installed by default so first, you’ll need to install it:
sudo install yum-plugin-versionlock
During the installation two configuration files will be created on your system, stored in the /etc/yum/pluginconf.d
directory. The configuration file versionlock.conf
and the file versionlock.list
containing the locked packages. By default, no packages are listed in this file.
To lock a version of a package you can either manually add the package name in the file or use the yum versionlock
command followed by the package name. For example, to prevent all PHP packages (all packages starting with “php-”) from being updated you would run:
sudo yum versionlock php-*
This will lock the PHP packages to the current version.
Viewing Yum logs
The history of the packages installed and updated with yum
is logged in the /var/log/yum
file. You can view the latest records using the cat
or tail
command:
sudo tail /var/log/yum.log
The output will include records about the packages installations and updates:
Jul 23 16:00:04 Installed: 7:squid-3.5.20-12.el7_6.1.x86_64
Jul 31 22:27:16 Updated: libcurl-7.29.0-51.el7_6.3.x86_64
Jul 31 22:27:16 Updated: curl-7.29.0-51.el7_6.3.x86_64
Conclusion
Installing updates and keeping your CentOS system up-to-date is pretty straightforward but if you manage multiple CentOS machines, it may be time-consuming and sometimes you may overlook an important update. The best option is to set up automatic updates.
If you have any questions or feedback, feel free to leave a comment.