I've recently installed a CentOS 5.3 machine which I'm locking down for server usage in a headless environment (no GUI will be used on the machine). The server will be used as a combined web- and database server.
I've disabled xfs and portmap since these will clearly not be needed on the machine.
Below is a chkconfig log which shows the services running on the machine.
Question: Beyond xfs and portmap - which of the services below would you consider disabling? Why?
chkconfig --list | grep 3:on
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
mcstrans 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
readahead_early 0:off 1:off 2:on 3:on 4:on 5:on 6:off
restorecond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
yum-updatesd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
The only things I'd be inclined to disable are yum-updatesd (since I'll run yum update manually when I need it, and probably scripted in cron), autofs, kudzu (since I assume you're hardware is unlikely to change), and netfs (assuming you're not using NFS or the like). If performance is a big issue, it may be worth disabling auditd. Most of the others can be disabled, but in the intersts of making admins lives easier, I'd generally leave them running.
I'd disable all the services I don't normally use like anacron and netfs. If the server doesn't need firewall rules, iptables and ip6tables would be candidates to disable.
Realistically, nothing on that list is likely to cause you performance problems, and if you turn it off, you're liable to try to enable something down the road and get bit because it was off. The general suggestion of "research them all and turn on only what you need" is a good one, but not exactly cost effective.
If you are concerned simply about performance and/or security, there are far more effective places to look.
General suggestion would be to research each service and determine "exactly" what each service does (look into performance gains using hdparam, or what syslogd provides prior to disabling them). If a particular service proves to be useless in your particular setup then, disable it. Yet, use caution with the service you do decide to disable several are important to day to day functionality. ;-)
Maybe this article might be helpful for you - "Disable Unneeded Services at Boot Time" http://www.imminentweb.com/technologies/centos-disable-unneeded-services-boot-time