1. Pass the --exclude directive to the yum command to define list of packages to exclude from updates or installs.
2. yum versionlock command – Version lock rpm packages command.

Method # 1: yum versionlock command

You need to install yum-plugin-versionlock plugin. It takes a set of name/versions for packages and excludes all other versions of those packages (including optionally following obsoletes). This allows you to protect packages from being updated by newer versions.

Install yum-plugin-versionlock on a CentOS/RHEL server

To install yum-plugin-versionlock package, enter:
# yum -y install yum-versionlock
OR
# yum -y install yum-plugin-versionlock
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package                  Arch     Version         Repository              Size
================================================================================
Installing:
 yum-plugin-versionlock   noarch   1.1.30-14.el6   rhel-x86_64-server-6    27 k
 
Transaction Summary
================================================================================
Install       1 Package(s)
 
Total download size: 27 k
Installed size: 0  
Downloading Packages:
yum-plugin-versionlock-1.1.30-14.el6.noarch.rpm          |  27 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1 
  Verifying  : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1 
 
Installed:
  yum-plugin-versionlock.noarch 0:1.1.30-14.el6                                 
 
Complete!

Syntax

The basic syntax is as follows:

yum versionlock package-name-here
yum versionlock package1 package2
yum versionlock add package-wildcard
yum versionlock add package1\*
yum versionlock [command] package1\*

To lock the nginx packages at current versions, type:

# yum versionlock nginx
OR
# yum versionlock add nginx

To list all current versionlock entries, run:

# yum versionlock list

To remove/delete versionlock entry for nginx package, enter:

# yum versionlock delete nginx

To remove all versionlock entries:

# yum versionlock clear
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
versionlock cleared

Add a exclude (within versionlock) for the latest versions of the packages in the available repos

# yum versionlock exclude pakage1 package2
# yum versionlock exclude pakage-wildcard-here

Demo: Locking ethtool package using yum lock version commands

First, check ethtool package has updates on the server:
# yum check-update
# yum check-update ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.

ethtool.x86_64               2:3.5-1.2.el6_5                rhel-x86_64-server-6

Lock down ethtool, enter:
# yum versionlock add ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Adding versionlock on: 2:ethtool-3.5-1.el6
versionlock added: 1

List entries in versionlock, enter:
# yum versionlock list
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
2:ethtool-3.5-1.el6.*
versionlock list done

Try to update ethtool package, enter:
# yum update ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
No Packages marked for Update

Delete ethtool versionlock so that yum can apply an update:
# yum versionlock delete '2:ethtool-3.5-1.el6.*'
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Deleting versionlock for: 2:ethtool-3.5-1.el6.*
versionlock deleted: 1

Tip: List/view history of package?

Use the following command:
# yum --showduplicates list packageNameHere
# yum --showduplicates list ethtool
Sample outputs:

Method # 2: yum –exclude command to lock package version from yum update

Edit /etc/yum.conf
# vi /etc/yum.conf
Append the following line under [main] section to lock php and nginx, enter:

exclude=php* nginx* 

Save and close the file. See how to exclude packages when I use “yum update” command tutorial for more information.

Related media

A quick video tutorial shows you how to prevent any package to be update using yum even its update is available on a CentOS/Red Hat Enterprises Linux server.