Locking a Linux System to a Specific OS Version

CentOS Linux

To prevent CentOS from being updated beyond some release level, it’s necessary to appropriate set the $releasever parameter. Create a new file, /etc/yum/vars/releasever, containing the value of the highest point release to which an update is acceptable.

There are two ways we can do this.

head -n1 /etc/centos-release | awk '{print $4}' > /etc/yum/vars/releasever

echo '7.2.1511' > /etc/yum/vars/releasever

Some will prefer the first, as it automatically restricts to whatever release is currently running.

Red Hat Enterprise Linux

RHEL is a bit more complicated, as there are many possible options, which are detailed here: https://access.redhat.com/solutions/238533. To summarize all but the EUS Subscription details:

Systems not registered to Customer Portal or Satellite

Any of the following will work.

  • Modify the /etc/yum.conf file under the [main] heading:

    [main] distroverpkg=7.2

  • Create the var file to override $releasever:

    head -n1 /etc/redhat-release | awk '{print $7}' > /etc/yum/vars/releasever

  • Alternatively …

    echo '7.2' > /etc/yum/vars/releasever

Systems registered to Customer Portal or Satellite

  • See a list of possible releases:

    subscription-manager release --list

  • Set the release:

    subscription-manager release --set=7.2

  • Clean your yum cache:

    yum clean all

  • Verify the system is set to the correct release:

    subscription-manager release --show