Red Hat CentOS Yum Repositories

This is my summary of Yum repositories for future reference. Yum (and apt on Debian systems) is an easy way to install software on Red Hat/CentOS systems and to keep those systems up-to-date. There are a variety of repositories with different software packages available which is why I like to use most of the following repositories. To install a new package with yum:

yum install packagename

To search for available packages

yum list php*

To update all packages on a system

yum update

For more info

man yum

Don’t forget you can install the yum-priorities package, then add priority=1 or priority=5 – any number to set a priority for the particluar repo. I usually set the centos ones to 1, rpmforge to 5 and the others to about 10.
The main yum repositories are installed by default and you will find them at: /etc/yum.repos.d
They will be named CentOS-Base.repo and CentOS-Media.repo
Enable the sections you want in these files and set priority=1 as we prefer the well tested versions of software.

RPMforge has a wider range of packages available than the standard Red Hat/CentOS repositories including: clam, phpmyadmin
Installation instructions are at:
Following these instructions for CentOS 5 64-bit we would install with:

su -c ‘rpm -Uvh’

Check the rpmforge.repo file is now in /etc/yum.repos.d and add a priority=5 line if you want.

I used the EPEL repository at one point to get a specific PHP version which had not been released (and tested) on the other repositories and also a fairly specific scientific program. Installation instructions are at:
For example for CentOS x86:

su -c ‘rpm -Uvh’

I used the REMI repository at one point to get a specific
PHP version which had not been released (and tested) on the other
repositories . Installation
instructions are at:
For example for CentOS x86:

su -c ‘rpm -Uvh

Atomic ART
The Atomic repository has some extra packages mainly focused at servers running Plesk but I found the packages for OpenVAS on there that were not available on other repositories.
Download the following shell script:


Make it executable and then run it.

chmod +x atomic && ./atomic

Answer the questions and you will have the atomic.repo file in /etc/yum.repos.d

For all these repositories it is worth checking the /etc/yum.repos.d/*.repo files for the following options:

  1. Enable the Repository
    Change enabled=0 to enabled=1
  2. Set priority for the Repository
    Add priority=3 to the end of the section

Using extra package repositories makes life easier for being notified of updates and installing new packages/updates, however if a package is not available or you need extra configuration you can always compile the traditional way ./configure make make install

Enhancing ClamAV with Extra Signatures

We use ClamAV mainly for scanning incoming email for malware and phishing scams. ClamAV comes with a default database usually stored in /var/clamav or /var/lib/clamav . To get up-to-date malware definitions the following sources can be used:

The Freshclam binary should have been installed when you installed clamd and you should have a script /etc/cron.daily/freshclam which runs daily to update the clam definitions. If not, you could run freshclam or add a cronjob with:

/usr/bin/freshclam –quiet –datadir=”/var/clamav” –daemon-notify=”/etc/clamd.conf”

The definitions from ScamNailer are aimed at stopping Spear Phishing attacks. There are definitions for SpamAssassin and Clam. Set up a cronjob to retrieve the defintion at There is a download which includes a Perl script for this purpose and you can run it e.g. every 4 hours as follows:

33 1-23/4 * * * /path/to/ > /var/log/clamav-ClamNailer.log

ClamAV Unoffical Sigs
Download the Update script (and config file) from
Amend the configuration file /etc/clamav-unofficial-sigs.conf and set the ss_dbs variable to include all the sources you want to use (depending on how aggressive you want to be – we had a few false positives in jurlbla.ndb):


Then on the final line set:


Set up a cronjob to run the script:

/usr/local/bin/ -c /etc/clamav-unofficial-sigs.conf > /var/log/clamav-unofficial-sigs.log 2>&1

The MSRBL definitions are probably included in your clamav-unoffical-sigs script but can be run seperately if desired.
The MSRBL definitions can be used by running a shell script like the following, periodically as a cronjob:

# Info at
rsync rsync:// $PATH_TO_CLAM_DB/MSRBL-Images-FULL-SoN.hdb
rsync rsync:// $PATH_TO_CLAM_DB/MSRBL-Images-3M-R-SoN.hdb
rsync rsync:// $PATH_TO_CLAM_DB/MSRBL-Images-1M-R-SoN.hdb
rsync rsync:// $PATH_TO_CLAM_DB/MSRBL-SPAM-CR.ndb
rsync rsync:// $PATH_TO_CLAM_DB/MSRBL-SPAM.ndb
/etc/init.d/clamd reload

The following example will run this every 3 hours:

18 1-23/3 * * * /path/to/ > /var/log/clam-update-MSRBL.log

Atomic Secured Linux offers some 30-day old signatures freely (up-to-date signatures require a subscription)
Create a script to download the database from:

An example script might be:

cd /var/clamav
/etc/init.d/clamd reload

Then schedule it as a cron job.

40 7 * * * /root/scripts/ > /var/log/getAtomicClamDefinition.log

Refreshing ARP table entries

Taking an IP address down on one host:

/sbin/ifconfig eth0:1 down

Taking the IP address up on another host:

/sbin/ifconfig eth0:1 netmask up

Use arping to update the ARP tables:

/sbin/arping -S -B

So the switch should cache the new arp entry invalidating the existing one.
The arping utility appears to be part of the iputils package which should already be installed but if not:

yum install iputils