Which services to disable on a CentOs 5.8 web/database server?

Be careful with using other people's "lists" as you may disable things you actually need.

Some obvious problems I see with that list are:

• anacron makes sure cron jobs missed due to downtime get run when the system comes back up.
• smartd monitors the health of your disks and can be set up to email you if a disk is failing (though since you have a hardware RAID, you should use the vendor-provided tool instead).
• ip6tables is the IPv6 firewall... Really? Somebody advised turning off the firewall?!? This really blows their credibility to hell.
• yum-updatesd provides automatic updates. If you don't want this, turn it off, though it is useful in some scenarios.

I also have to agree with @aairey's advice to do a minimal install. In CentOS 5, this requires the use of a kickstart file; CentOS 6 has a special minimal installation CD.

While disabling/uninstalling certain software is a perfectly valid approach to hardening a system, in many cases it's overkill -- especially when, like yourself, one isn't certain which services to disable.

The better approach would be to use a minimal installation combined with a restrictive firewall. Since this is going to be a web server, the ruleset should be very easy to define.

To perform a minimal installation, go through the CentOS installer and when you get to the screen that lists roles, uncheck all of them. Then, choose "Customize Now".

You'll see a screen that has various categories on the left and package groups on the right. Go through each category and uncheck all of the package groups. In the Base category, click the Optional packages button. I usually uncheck everything except:

• anacron allows job scheduling and ensures that scheduled jobs run even if missed due to downtime.
• sudo allows you to execute commands with elevated privileges from an unprivileged account. In my opinion, this utility is vital for any Linux system.

After the installation is complete and you've rebooted, you can install the web server and any other necessary packages for your situation (httpd, PHP, MySQL, etc). Yum will automatically resolve dependencies for you and should only install those packages that are necessary for your chosen services to function.

When that's complete, edit your iptables rules to only allow necessary services: SSH, HTTP, HTTPS, SMTP outbound, etc. There are many tutorials available that explain how to do this. This question and its accepted answer are a good starting point.

DON'T BLOCK SSH! If you don't have console access to the server, be careful not to block SSH at any point or you'll be unable to access the system. When modifying firewall rules, I always open up a new SSH session without closing my existing (working) one just to verify that I can still connect. Once you exit that established session, if SSH is blocked then you're up the creek without a paddle.

Did you start of with the minimal install? If not I'd recommend starting there as things like anacron are not even installed to start with.