CentOS Patching using DNF

A comprehensive guide to managing and applying patches on CentOS systems using the DNF package manager.


In this guide, we will explore the fundamentals of keeping CentOS systems secure and up-to-date using the DNF (Dandified YUM) package manager. DNF replaces the older YUM package manager, providing enhanced performance and improved dependency management.

Understanding DNF

DNF is a software package manager that installs, updates, and removes packages on RPM-based Linux distributions. It automatically computes dependencies and determines the actions required to install packages.

Setting Up Your Environment

Before you begin patching your system, it is essential to set up your environment properly:

  1. Ensure your system is registered with a subscription management service.
  2. Backup your important data before applying any updates.

Command to check system subscription:

sudo subscription-manager status

Basic DNF Commands

Understanding basic DNF commands will help you manage your packages efficiently:

  • Check for updates: sudo dnf check-update
  • Update a specific package: sudo dnf update httpd
  • Update all packages: sudo dnf update
  • Install a new package: sudo dnf install nginx
  • Remove a package: sudo dnf remove nginx

Advanced Patch Management

Advanced patch management involves more than just updating packages. It includes handling kernel updates, managing repositories, and configuring automatic updates.

Command to exclude kernel updates:

sudo dnf --exclude=kernel* update

Security Practices

Keeping your system secure is crucial. Regularly apply security patches and monitor advisories related to CentOS:

Command to list security updates:

sudo dnf updateinfo list sec

Automating Updates

Automating updates can help maintain system security and stability without manual intervention:

Setting up automatic updates:

sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer


Encountering issues during updates is common. Here are a few tips for troubleshooting:

  • Check the DNF log file for error messages: /var/log/dnf.log
  • Use the --verbose option to get more detailed output from DNF commands.