One way to maintain one OS version across your AWS infrastructure is to disable kernel upgrade
Use case Scenario
You’ve a client who is complaining about the OS getting upgraded automatically which is causing the development team alot of issues with versioning of the product. For eg : The instance run on RHEL (RedHat) 6.5 and now are been upgraded to 6.7 which is problem for development team in terms of versioning and development of any website/webapp/product.
Ask your customer to not fire yum commands to ensure kernal packages are not upgraded, but this will limit upgrade or update other packages as well which can be problem in future.
Full proof solution
Configure the Linux machine in a way that the kernel is never upgraded automatically.
Steps to disable kernel upgrades
Step 1 : Look for yum-cron
If you’ve installed yum-cron which will install all updates automatically then I would suggest to make some configuration changes.
Add the following to the YUM PARAMETER line:
YUM_PARAMETER="-x kernel* -x php*"
Step 2 : Exclude kernel or other packages from
To make permanent changes, edit the
/etc/yum.conf file and following entries to it:
[main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exclude=kernel* redhat-release* <==== Add this line
Step 3 : Disable kernel upgrade from
Take backup of
$ sudo cp -a /boot/grub/grub.conf /boot/grub/grub.conf.bkp
/boot/grub/grub.conf and change the line :
“default=0” to “default=1”
You can check OS and kernel version with following commands :
rpm -qf /etc/redhat-release
You have a system which will never upgrade automatically and which is compliance friendly.