DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel
Explore NY Stream

How to Use ‘Yum History’ to Find Out Installed or Removed Packages Info

— ny_wk

How to Use ‘Yum History’ to Find Out Installed or Removed Packages Info

The yum history command records every package transaction on a RHEL or CentOS system, letting you see exactly what was installed, updated, or removed, when it happened, and who did it. It also lets you undo, redo, or roll back changes, making it one of the most useful tools for auditing and recovering a Linux server.

When a server suddenly misbehaves after a maintenance window, the first question is usually what changed? Manually grepping log files is slow and unreliable. The yum history subsystem gives you a clean, queryable database of every transaction, so you can pinpoint a problem package and reverse it in seconds. This guide walks through every practical use of the command, fixes a few common misconceptions, and shows the modern dnf history equivalents for RHEL/CentOS 8 and later.

What the Yum History Command Actually Does

YUM (Yellowdog Updater, Modified) is the high-level, RPM-based package manager that shipped with RHEL/CentOS 5, 6, and 7. Every time you install, upgrade, downgrade, or erase a package, yum writes a record to its history database, stored under /var/lib/yum/history/. The yum history command reads that database.

Each transaction is stamped with a unique transaction ID, the login user who ran it, the date and time, the action performed, and flags that warn you if anything went wrong (for example, packages altered outside of yum). This audit trail is what makes safe rollbacks possible.

Important: yum vs dnf on modern systems

On RHEL/CentOS 8, 9, Rocky Linux, and AlmaLinux, the underlying package manager is DNF, and yum is just a symlink to dnf. The history feature works almost identically — simply replace yum with dnf (for example dnf history). Where the syntax differs, this guide calls it out. The history database for DNF lives at /var/lib/dnf/history/.

How to View Your Complete Yum History

To list every transaction recorded on the system, run the command with no arguments. You need root privileges, so use sudo or switch to root first.

  1. Open a terminal on the RHEL/CentOS host.
  2. Run the history command:

    sudo yum history

  3. Read the output as a table of transactions, newest first.

The output shows columns for the transaction ID, the command line or login user, the date/time, the action (Install, Update, Erase, Downgrade), and an Altered count of how many packages changed. The bare command is identical to running yum history list all, which explicitly lists all transactions.

A typical row looks like this:

IDCommand line / Login userDate and timeAction(s)Altered
15install httpd2024-03-10 09:42Install4
14update2024-03-08 02:01Update37
13erase telnet2024-03-01 14:20Erase1

Finding Package Information With Yum History

The info, list, and summary subcommands all accept either a transaction ID or a package name as an argument. This is how you drill from the big list down to a specific change.

View details of every transaction for a package

To see all transactions that touched the Apache web server package, pass the package name to info:

sudo yum history info httpd

This prints the begin/end time, the user, the return code, and the full list of altered packages (with their before/after versions) for each matching transaction.

Get a condensed summary

For a compact count of transactions affecting a package rather than full details, use summary:

sudo yum history summary httpd

The summary groups transactions and shows how many altered the package, which is handy for a quick "how often has this changed?" check.

Look up a specific transaction by ID

Once you spot an interesting transaction in the main list, inspect it directly by its number. To see the full detail of transaction 15:

sudo yum history info 15

You can also pass a range, for example sudo yum history info 13..15, to view several transactions at once.

Tracing Per-Package Transaction Info

Some subcommands focus specifically on the history of one or more packages, which is perfect for an audit of "everything that ever happened to this package."

Use package-list (or its alias package-info) to list every transaction that altered a single package:

sudo yum history package-list httpd

To trace several packages at once, list them after the subcommand. Note the correct subcommand name is package-list for one or many packages:

sudo yum history package-list httpd epel-release

The output marks each package state per transaction — Install, Updated, Erase, Dep-Install, and so on — so you can see the exact point a dependency entered or left the system.

How to Undo, Redo, and Roll Back With Yum History

This is where the yum history command becomes a recovery tool, not just a viewer. Three subcommands reverse or repeat past work, and understanding the difference between them prevents costly mistakes.

  • undo — reverses a single transaction. If that transaction installed packages, undo removes them; if it removed packages, undo reinstalls them.
  • redo — repeats the work of a single transaction.
  • rollback — reverts the system to the state it was in immediately after a given transaction, undoing every transaction that came after it.

All three accept a transaction ID or the keyword last with an offset. If you have run 60 transactions, last means transaction 60 and last-4 means transaction 56.

The critical difference between undo and rollback

Imagine five transactions — call them 1 through 5 — that each installed a different package. The commands behave very differently:

  • sudo yum history undo 2 — removes only the package from transaction 2, leaving 3, 4, and 5 untouched.
  • sudo yum history redo 2 — repeats transaction 2 (reinstalling or re-applying its package).
  • sudo yum history rollback 2 — returns the system to its state right after transaction 2, which means it undoes transactions 3, 4, and 5.

In short: undo is surgical (one transaction), while rollback is sweeping (everything after the target). Always confirm which one you want before pressing Enter on a production box.

Redoing an update transaction

If transaction 2 was an update that upgraded a batch of packages, you can locate it and repeat it. First filter the list for the ID:

sudo yum history | grep -w "2"

Then repeat that transaction's work:

sudo yum history redo 2

Redo with force options

The redo subcommand accepts optional flags placed before the transaction ID:

  • force-reinstall — reinstalls any package that was installed, upgraded, or downgraded in that transaction.
  • force-remove — removes any package that was updated or downgraded in that transaction.

For example, to force-reinstall everything from transaction 16:

sudo yum history redo force-reinstall 16

Yum History Database and Source Subcommands

A few subcommands manage the history database itself and report on additional data sources:

  • addon-info — shows extra information sources attached to a transaction (such as config-manager or saved transaction data). Pass it a transaction ID, e.g. sudo yum history addon-info 15.
  • stats — prints statistics about the current history database, including total transactions and database size:

    sudo yum history stats

  • sync — refreshes the rpmdb/yumdb metadata stored in history for installed packages:

    sudo yum history sync

  • new — starts a fresh history file, archiving the old one (useful before a clean baseline):

    sudo yum history new

For the complete reference, the manual page documents every subcommand and flag: man yum (or man dnf on newer systems).

Common Pitfalls to Avoid

  • Confusing undo with rollback. As shown above, rollback removes every transaction after the target, not just one. Read the proposed change list yum prints before confirming.
  • Forgetting root privileges. Read-only listing may work for normal users in some configs, but undo/redo/rollback need root. Use sudo.
  • Expecting rollback to recover deleted config or data. History reverses package state only. It will not restore files you deleted manually or data outside RPM's control.
  • Disabled repositories. A rollback that needs an older package version will fail if that version is no longer in any enabled repo. Keep repo access (or a local mirror) available for true reversibility.
  • Assuming history survives a clean. Running yum history new archives the old database; transactions afterward start a new file. Don't run it casually on an audited system.
  • Mixing manual rpm with yum. Packages installed or removed directly with rpm can leave the history flagged as altered outside yum, which limits clean rollbacks.

Verifying Your Changes Worked

After an undo, redo, or rollback, confirm the result instead of assuming success.

  1. Re-check the history list to see a new transaction recorded for your action:

    sudo yum history

  2. Inspect the package state directly to confirm it is present or gone:

    rpm -q httpd

  3. Review the specific transaction you just created for the return code and altered list:

    sudo yum history info last

  4. Confirm the service behaves as expected, for example restarting and checking status:

    sudo systemctl status httpd

A clean exit (return code 0) plus the expected rpm -q result means the operation completed correctly.

Key Takeaways

  • The yum history command keeps a queryable audit trail of every install, update, and removal on RHEL/CentOS systems.
  • Use info, list, summary, and package-list with a transaction ID or package name to investigate exactly what changed.
  • undo reverses a single transaction; rollback reverses every transaction after the target — know the difference before running them.
  • redo can repeat a transaction, optionally with force-reinstall or force-remove.
  • On RHEL/CentOS 8+, Rocky, and AlmaLinux, swap yum for dnf — the history syntax is the same.

Frequently Asked Questions

Where is the yum history database stored?

For yum it lives in /var/lib/yum/history/ as SQLite files; for DNF on RHEL/CentOS 8 and later it is in /var/lib/dnf/history/. These files persist across reboots, which is what makes long-term auditing and rollback possible.

What is the difference between yum history undo and rollback?

undo reverses only the one transaction you name. rollback returns the system to the state it was in right after the target transaction, undoing every transaction that happened later. Use undo for a single mistaken change and rollback to revert a whole sequence.

Can I roll back a yum update if it broke my server?

Yes. Find the update's transaction ID with sudo yum history, then run sudo yum history undo <id> to reverse just that update, or rollback to also revert everything after it. The older package versions must still be available in an enabled repository for the reversal to succeed.

Does dnf history work the same as yum history?

Almost entirely. On modern RHEL/CentOS, Rocky Linux, and AlmaLinux, yum is a symlink to dnf, so dnf history, dnf history info, dnf history undo, and dnf history rollback all behave like their yum counterparts.

For more hands-on Linux administration tutorials, subscribe to @explorenystream on YouTube.