There are a couple of things missing from the otherwise very stable CentOS5:

denyhosts
A python script checking on failed attempts to log into SSH and blocking IP addresses in /etc/hosts.deny when detected.

psad – www.cipherdyne.com/psad/
port scan admin, which detects port scanning activity and blocks IPs with iptables when detected

Additional updating and facilties (like the ones above) are easier installed with YUM when the following repo (Centos, Linux Enterprise & RedHat 7.3 & 9) is added:

http://dag.wieers.com/rpm/FAQ.php#B