How to prevent yum from updating the kernel

I am a new RHEL / Centos Linux server admin. I would like yum to update all packages except the Linux Kernel. How can I prevent yum command from updating kernel on a CentOS/RHEL/Fedora Linux based systems?


Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements None
Est. reading time 2m

[/donotprint]You can prevent yum command from updating the Kernel permanently by following the simple steps.

Option #1: Edit /etc/yum.conf file

Use a text editor such as vi to edit /etc/yum.conf :
# vi /etc/yum.conf

Append/modify exclude directive line under [main] section, enter:
Save and close the file. Try, updating the system without updating the Linux kernel:
# yum -y update
This is a permanent option, so you don’t need pass the -x option to yum command.

Option #2: Pass the -x option to prevent yum from updating kernel

The syntax is as follows to skip update on command line itself:
# yum -x ‘kernel*’ update

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 6 comments so far. add one

Package Manager is software which allows a user in case of installation of new software, up-gradation of system, or updating any specific software and such sorts of things. In case of Linux based systems wherein one software has lots of dependencies which are required to be present on system for a complete installation of that software, such software’s like package manager become a much needed tool on every system.

Disable Lock Certain Package Updates with Yum

Each Linux Distribution ships with its default package manager for above stated functionalities, but of all these most found ones are: yum on RHEL and Fedora systems (where it is being currently replaced with DNF from Fedora 22+ onwards) and apt from Debian.

If you’re looking for APT tool to block or disable certain specific package updates, then you should read this article.

Dnf or Danified yum is replacing yum on Fedora systems which is another one in our list. If explored properly, these Package Managers can be used for following functionalities:

  1. Installing new software from the repository.
  2. Resolve dependencies of the software by installing those dependencies before installing the software.
  3. Maintaining database of dependencies of each software.
  4. Downgrade version of any existing software.
  5. Upgrading the kernel version.
  6. Listing packages available for installation.

We’ve already covered detailed articles separately on each individual package managers with practical examples, you should must read them to control and manager package management in your respective Linux distributions.

Read Also:

In the article, we will see how to lock/disable certain package updates using Yum package manager in RHEL/CentOS and Fedora systems (applicable till Fedora 21, later newer Fedora version ships with dnf as default package manager).

Disable/Lock Package Updates using Yum

Yellow dog Updater, Modified (yum) is package management tool in RedHat based distributions such as CentOS and Fedora. Various strategies used to Lock/Disable Package Updates using Yum are discussed below:

1. Permanently Disable Package for Install or Update

1. Open and edit the yum.conf file, which is located in /etc/yum.conf or in /etc/yum/yum.conf.

It looks like below:

Here, to exclude certain package from installation or up-gradation, you just need to add exclude variable along with name of package you wish to exclude. For example, if I want to exclude all the python-3 packages from getting updated, then I will just append following line to yum.conf :

For more than one package to exclude just separate their names by space.

Note: to include these packages, ignoring entries in yum.conf , use “-disableexcludes” and set it to all|main|repoid, where ‘main’ are those entered in yum.conf and ‘repoid’ are those whose exclusion is specified in repos.d directory, as explained later on.

Now let’s try to install or update the specified packages and see the yum command will disable them installing or updating.

2. Temporarily Disable Package for Install or Update

2. Above was a permanent solution to exclude a package as unless file is edited, that package won’t get updated. Here is a temporary solution for this also. Just at the time when you go for any update, use -x switch in yum command to exclude package which you do not want to update, like:

The above command will update all the packages whose updates are available, excluding python-3 on your system.

Here, for excluding multiple packages, use -x multiple times, or separate package names with ‘,’ in a single switch.

3. Using –exclude switch works same as -x, just need to replace -x with –exclude and pass ‘,’ separated list of package names to it.

3. Disable Package Updates using Repository

4. For any package installed from any external source via adding a repository, there is another way to stop its up-gradation in future. This can be done by editing its .repo file which is created in /etc/yum/repos.d/ or /etc/yum.repos.d directory.

Add the exclude option with the package name in the repo. Like: to exclude any package say wine from epel repo, add the following line in epel.repo file:

Now try to update the wine package, you will get error like shown below:

4. Disable Package Update Using versionlock Option

5. Another way in yum to mask the version of any package thus making it unavailable for up-gradation, is to use versionlock option of yum, but to do this, you must yum-plugin-versionlock package installed on the system.

For example, to lock the version of package say httpd to 2.4.6 only, just write following command as root.

Sample Output

To view locked packages, use the following command will list the packages which have been version locked.

Sample Output


These are a few tips which will help you Disable/Lock Package updates using yum package manager. If you have any other tricks to do the same things, you can comment them with us.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

YUM (Yellowdog Updater Modified) is an open source default package management system for several Linux flavors like RHEL (Red Hat Enterprise Linux), CentOS (Community Enterprise Operating System)and Fedora. The YUM utility is used install, upgrade, remove rpm based packages from the distribution repositories in systems.

But sometime we don’t want to do update certain packages such as Apache Server (HTTP), MySQL, PHP and other major applications, because if such updates may harm currently running web application on server or you may stop updates till the application gets patched with new updates.

YUM Exclude Package Updates

In this article we will show you how we can exclude (disable) certain package updates using YUMtool. We can exclude or disable certain package updates from the any third party repositories. The exclude syntax would be as follow.

The above syntax will exclude “package“, “package1” and list of “package” updates or installs. Each keyword should be separated with space for exclusion of packages.

How to Exclude Packages in YUM

To exclude (disable) specific package updates, Open file called /etc/yum.conf with your choice of editor.

Add the following line at the bottom of the file with exclude keyword as shown below.

In the above example, the line exclude will disable updates for “httpd” “php” and “mysql” packages. Let’s try installing or updating one of them using YUM command as shown below.

Sample Output

How to Exclude Packages from EPEL Repo

To exclude packages installs or updates from EPEL repository, then open the file called /etc/yum.repos.d/epel.repo.

Add the exclude line by specifying packages to be exclude from the updates.

Now try to update above specified files from the EPEL repository using YUM command.

Sample Output

You can also use yum command line option to exclude package without adding to the repository files.

To exclude list of packages, use the command as follows.

This way you can exclude updates for any packages you want. There are many other ways you can do, for example, recently we’ve compiled a article on 4 useful ways to block/disable or lock certain packages using yum command in Linux, you should read this here:

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

I am a new CentOS Linux user running my community site on production server. I want to update all packages except the Linux kernel on CentOS Linux. How can I prevent the yum command from updating the Linux kernel on CentOS/RHEL/Scientific/Fedora Linux server?

Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements yum
Est. reading time 5m

You can easily run yum update command to updates everything but the kernel using the exclude directive. This option define list of packages to exclude from updates or installs. This should be a space separated list. Shell globs using wildcards * and ?) are allowed.

yum syntax to update all except Kernel

yum –exclude=packgeName\* update
yum –exclude=packgeName1\* –exclude=packgeName2\* update
yum -x ‘packageName*’ update
yum -x ‘packageName1*’ -x ‘packageName2*’ update


To prevent yum command from updating the Kernel type:

How do I prevent yum from Updating the Kernel permanently?

Edit /etc/yum.conf file, enter:
# vi /etc/yum.conf
Append/modify exclude directive line under [main] section, enter:

Save and close the file. Now, you can just run the following without passing the -x or –exclude option to yum command:
# yum -y update

See also
  • Force yum update Command To Exclude Certain Packages
  • See Linux yum command examples for more info
  • Man pages: yum.conf(5)

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 4 comments so far. add one

  • Linux: Bash Delete All Files In Directory Except Few
  • How to prevent yum from updating the kernelsed: Remove All Except Digits (Numbers) From Input
  • tcpdump: Monitor ALL eth1 Traffic Except My Own SSH Session
  • Nginx: Block URL Access (wp-admin/wp-login.php) To…
  • How to prevent yum from updating the kernelRHEL / CentOS Yum Command: Blacklist Packages […
  • yum Download All Source Packages (SRPM) From RedHat…
  • Force yum update Command To Exclude Certain Packages
Category List of Unix and Linux commands
File Management cat • ncdu
Firewall Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities dig • host • ip • nmap
OpenVPN CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager apk • apt
Processes Management bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching grep • whereis • which
User Information groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

It suggest leaving out the ‘-y’ option in the example or at least explain its use lest someone expecting to be prompted ends up surprised.

Thanks it is useful article, I agree with Chris if we do without -y then we can verify the packages.

i need a help. I want to upgrade the packages & kernel in the servers that are running
Eg: if there are around 200 packages now who to upgrade them at once. kindly reply me

I tried this on a vm, unfortunately the kernel was still updated anyway.

  • Search
  • Log In
  • Language

Log in to Your Red Hat Account

Your Red Hat account gives you access to your profile, preferences, and services, depending on your status.

If you are a new customer, register now for access to product evaluations and purchasing capabilities.

Need access to an account?

If your company has an existing Red Hat account, your organization administrator can grant you access.

Red Hat Account

  • Account Details
  • User Management
  • Account Maintenance
  • Account Team

Customer Portal

  • My Profile
  • Notifications
  • Help

For your security, if you’re on a public computer and have finished using your Red Hat services, please be sure to log out.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)


  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 6
  • Red Hat Enterprise Linux (RHEL) 7
  • Red Hat Satellite
  • Red Hat Network


  • How do I exclude kernel or other packages from getting updated in Red Hat Enterprise Linux while updating system via yum?
  • How do I use the exclude option with yum?
  • How to prevent a package from updating while updating system from Satellite Server ?
  • How to exclude only 32 bit or 64 bit packages ?


The up2date command in Red Hat Enterprise Linux 4 excludes kernel updates by default. The yum in Red Hat Enterprise Linux 5 includes kernel updates by default.

To skip installing or updating kernel or other packages while using the yum update utility in Red Hat Enterprise Linux 5, 6, and 7, use following options:

Temporary solution via Command line:

For example, to exclude all kernel related packages:

  • To make permanent changes, edit the /etc/yum.conf file and following entries to it:

NOTE: If there are multiple package to be excluded then separate them using a single space or comma. Also, do not add multiple exclude= lines in the configuration file because yum only considers the last exclude entry.

To exclude 32 bit packages edit /etc/yum.conf file.

  • Product(s)
  • Red Hat Enterprise Linux
  • Component
  • yum
  • Category
  • Install
  • Tags
  • installation
  • rhel_5
  • rhel_6
  • rhn
  • yum

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Table of Contents

The kernel is the most important patch to test. As the core of the Linux operating system, an upgraded kernel can affect everything. There are several principles that you should follow when planning to update kernel:

  • Never upgrade to a new kernel in a way, that overwrites your existing kernel. Do not delete the existing kernel until you’re finished testing the new kernel.
  • Most distributions support side-by-side installations of new and existing kernels. In fact, when you install (and don’t upgrade) an existing kernel using a customized binary package, Red Hat/Fedora, SUSE, and Debian all “dual-boot” the new and existing kernels.
  • Test how the new kernel manages your boot process. Watch as it detects your hardware and starts your services. If there are problems or even unusual delays, the new kernel may have a problem with the associated hardware or service.
  • Check the log files associated with the boot process. Pay particular attention to services that won’t start or hardware that isn’t detected.
  • Test the new kernel on your system, based on the release notes. Make sure the new kernel works as intended on your computers.
  • Test your services and applications under the new kernel. Pay attention to any changes in behaviour. Document these changes.
  • When you’re ready to upgrade the kernel on production computers, tell your users what they can expect.

How to prevent yum from updating the kernel

Never upgrade kernel using “rpm -U”

Whenever you install a patch, there are risks. Professionally speaking from experience one should always avoid updating kernel using ” rpm -U “. With ” -U ” switch you are upgrading the existing kernel which means that after the upgrade if something fails then there is nothing to fallback to. For example, many kernel patches may lead to situations where you’re unable to boot Linux.

If you run into a situation where a patch leads to a crash, you may be able to restore your system from a backup . If you’re unable to boot your system for this purpose, you may need to use a “ rescue mode ” for your distribution. Rescue modes are available using the first installation CD associated with Red Hat/Fedora and SUSE.

Updating kernel is a critical change so it is always recommended to keep the old kernel before removing it . Let me show you what I mean with this. Here currently 3.10.0-957.21.3.el7 version of kernel is loaded on my RHEL Linux node

To list all the installed kernel rpms. (The main one is kernel-3.10.0-957.21.3.el7.x86_64 )

As you see from the message, the older kernel is being removed. Now rpm is unable to identify the difference between kernel rpm and other system rpms hence it treats kernel the same way.

Now here after boot if the system halts due to some problem and fails to come up then you have no way to recover your Linux node. The only option left for you would be to go into rescue mode and then try recovering your system which is a lot of trouble (believe me when I say this)

Update kernel using yum

Now let us try to perform the same task using yum command. With yum you can either use ” yum install ” or ” yum update ” to update kernel, either way yum will understand that you are trying to update kernel hence it will perform “install” action. Hence the older kernel will not be removed while the newer one will still be installed.

To check the list of kernel available in your repository

Next let us try to install the new kernel. For the sake of this example I will update kernel and all other relative packages

Now our task of update kernel was successful. We can verify the same using below command. As you see now we have two versions of kernel rpm installed.

Currently my system is still running with older kernel version

But as you see post reboot the RHEL Linux node is planned to come up with newly installed kernel ( 3.10.0-1062.1.1.el7.x86_64 ). If you have installed multiple version of kernel then you can also switch between different kernel version to change the boot order in RHEL 7 and RHEL 8 both.

Now we will reboot our RHEL 7 Linux host. As expected the node has come up with new kernel

And we still have both version of kernel installed on our node.

For all the available kernel, we will also have mapped initramfs and vmlinuz file under /boot

Now since we know our system has installed successfully with newer kernel, so now we can safely remove the old kernel (if required or you can plan to keep it)

Lastly I hope the steps from the article to update kernel on RHEL/CentOS 7 and 8 Linux was helpful. So, let me know your suggestions and feedback using the comment section.

Related Posts:

3 thoughts on “How to properly update kernel in RHEL/CentOS 7/8 Linux”

Great, great, great post!
Thanks for the simple way you are explaining the process. Very informative!

Hello, i got this error following your guide:
# yum list kernel
Last metadata expiration check: 0:05:08 ago on Fri 19 Jun 2020 09:31:23 AM CEST.
Installed Packages
kernel.x86_64 4.18.0-147.8.1.el8_1 @BaseOS
Available Packages
kernel.x86_64 4.18.0-193.6.3.el8_2 BaseOS
[[email protected] user1]# yum install kernel kernel-tools kernel-tools-libs
Last metadata expiration check: 0:05:45 ago on Fri 19 Jun 2020 09:31:23 AM CEST.
Package kernel-4.18.0-147.8.1.el8_1.x86_64 is already installed.
Package kernel-tools-4.18.0-147.8.1.el8_1.x86_64 is already installed.
Package kernel-tools-libs-4.18.0-147.8.1.el8_1.x86_64 is already installed.
Problem: The operation would result in removing the following protected packages: kernel-core
(try to add ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)

This article needs an update. Thank you for bringing this to my notice

With RHEL 8 now the kernel package is broken into kernel-core and kernel-modules . In your environment most likely you are using kernel-core which is why you get this error
First of all check the list of installed kernel
# rpm -qa | grep kernel

if you are not using kernel and instead using kernel-core then you should use
# yum install kernel-core kernel-modules

If you also have kernel-modules-extra installed then add that to the list

In this article, we’ll show you how to exclude specific packages from updating using Yum package manager. Periodically, you may want to update your CentOS or RHEL system but leave out certain packages especially if the updates are likely to interfere with certain major applications in the System.

Exclude Specific packages from updating

We begin by first checking which packages are due for an upgrade using the Yum package manager on Centos 7, as shown below.

Sample Output

To exclude a specific package from getting updated, the syntax would be as follows

For example, If you want to exclude package glibc which is 10th on our list, run

Sample Output

As you may have noted, package glibc is not on our list because we excluded it in our command.

To exclude a list of packages run

Alternatively, you can use the command below to achieve the same purpose.

To exclude more than one package using the same command, run the command below

Permanently disable specific packages from updating in Yum

To disable specific packages from getting updates open the following config file with a text editor of your choice

How to prevent yum from updating the kernel

At the end of the config file, append the following

The above excludes samba, httpd , MariaDB, PHP packages from updating.

To exclude 32 bit packages

Now, if you try to update each of the individual packages, you’ll get a prompt that “No packages marked for update”

Sample Output

Exclude a repository from updating

Firstly, you may want to have a peek at the available repositories in your system. to achieve this, run the command below


To disable a repo from updating, we use the ‘–disablerepo=reponame’ option alongside the yum update command.

Alternatively, the ‘update’ command can precede the ‘disablerepo=reponame’option as shown

In the above example, If I want to disable kibana-5.x from updating, I’ll run

To exclude multiple repositories in one line, separate the repositories using a comma as shown below

What this does is that it will update the rest of the repos but leave out kibana-5.x

Excluding a repository from updating using enabled parameters

Instead of disabling the repo from updating in the yum update command, you can set the ‘enabled’ parameter to 0 in the repository configuration file.
The repo configuration file is located in /etc/yum.repos.d as shown

To exclude the kibana-5.x repository, open the configuration file using a text editor and set the ‘enabled’ option to 0 as shown below.

If you run yum repolist, the repository will not show up in the results as shown

This implies that any packages from the kibana repo will not be updated when the yum update command is run.

Thank you for taking your time on this tutorial. We hope that we’ve addressed the issue on how you can disable specific packages in Yum. Free to give it a try and get back to us with your feedback.

The Community ENTerprise Operating System

  • Unanswered topics
  • Active topics
  • Search

How do I prevent the system from updating to the 3.10.0-1062 kernel?

How do I prevent the system from updating to the 3.10.0-1062 kernel?

Post by alpha754293 » 2019/10/04 20:49:43

It would apparent that the latest update to the 3.10.0-1062 kernel in CentOS 7.6 will blip/temporarily/momentarily disconnect ALL network connections on the system.

How would I prevent yum or packagekit from updating to that kernel version?

Is there a way to blacklist that so that it WON’T update to that kernel?

How to prevent yum from updating the kernel

Re: How do I prevent the system from updating to the 3.10.0-1062 kernel?

Post by TrevorH » 2019/10/04 22:38:18

Re: How do I prevent the system from updating to the 3.10.0-1062 kernel?

Post by alpha754293 » 2019/10/05 03:11:59

So I updated all of my slave nodes and my headnode of my very small cluster that’s running CentOS 7.6.1810.

After the initial install, I run an update, and it updates the kernel from whatever the default is that ships with that DVD ISO image to 3.10.0-957 (I think that’s what it updates to) and that one doesn’t seem to have any issues.

I remotely administer and use the cluster via ssh which, by itself is nothing out of the ordinary.

The Supermicro system that I have also has IPMI so I can also monitor the console as well through/with that.

After updating to the 3.10.0-1062 kernel, at first I thought that when I sudo to a different runlevel, it was the sudo that was kicking me out (i.e. it would terminate my remote/ssh connection/session)

However, what I then tried, on the console was su to root. And THEN I would change to a different run level (i.e. switching from runlevel 5 to runlevel 3 so that I don’t need the GNOME graphical desktop anymore), and even THAT would terminate/disconnect my remote ssh session).

So, I’m not really sure what’s going on with the 3.10.0-1062 kernel — why it’s doing this.

But this is the observed behaviour that I see from my end.

I tried running chkconfig –list sshd and it said no sshd service found.

But then when I ran systemctl status sshd, it says that it’s active and running.

And then I also tried this as well:

Like I said, I don’t really know nor understand what’s going on here or why I am seeing this observed behaviour following the second update (and this is a fresh install — the system uptime is 3 days 53 minutes.

And this issue/behaviour doesn’t exist with the 3.10.0-957 kernel, so I’m not really sure what the root cause of this observed behaviour is, or how I would even begin to try and track it down.

Hope this helps.

If you need system and/or diagnostic information, please don’t hesitate to ask/let me know.

Just give me the commands that I can copy-and-paste and I’ll report back with what the outputs are.

If for some reason you want to keep your Linux kernel updates on Ubuntu, follow the steps below in this article. You can use this method to update your Ubuntu Linux system without updating the Linux kernel. It saves some space on your system and prevents some manual system kernel related configuration changes. But keeping kernel updates is not a good idea.

Keep Ubuntu Linux kernel updates

Open a terminal application. It can be opened by pressing Ctrl + Alt + T simultaneously.

Stop the Ubuntu kernel update via apt.


Replace linux-package-name with the actual Linux kernel image.


Enable Ubuntu kernel updates.

You can enable kernel update with the following command.

Stop the Ubuntu kernel update in the configuration file.

At the terminal

Scroll down to find the blacklist section and use the Linux kernel package to edit it as follows: Regular expressions are also supported here.

Stop the Ubuntu kernel update via dpkg.

The above syntax is conman to hold all packages. For the Linux kernel, replace Linux-package-name with the Linux kernel image.

If you like this article, please subscribe to us Youtube channel.. You can also stay connected with us twitter And Facebook..

Recommended Recommendation: How to Install Midnight Commander on Ubuntu-Text Based File Manager
It’s a sequel.