0 - Halt
1 - Single User Mode
2 - Multiuser, without NFS (The same as 3, if you do not have networking)
3 - Full Multiuser Mode
4 - unused, can be setup for networking in a different location, etc.
5 - Full Multiuser Mode with XWindows (foundation of GUI)
6 - Reboot (your machine switches to this one when you use ctrl-alt-delete)
Typically your machine runs at runlevel 3 or runlevel 5 for normal operation. If you want to change the default runlevel, edit /etc/inittab. In this file there is a line like "id:5:initdefault:" which sets the default runlevel, in this case to runlevel 5. It's a common joke to set a friend's initdefault to runlevel 6 if they leave themselves logged in as root. Basically the machine keeps rebooting... until you type linux 1 at the LILO prompt. This sends the machine into Single User Mode, and you can adjust /etc/inittab back to a normal initdefault.
Each service has a script in the /etc/rc.d/init.d/ directory. Look at this example. To automatically execute such a script, each runlevel's directory has a symbolic link. For example, to make sshd activate w/ runlevel 5, try "ln -s /etc/rc.d/init.d/sshd /etc/rc.d/rc5.d/S55sshd". The "S55" is necessary, all the links to services have a similar prefix that identifies the function and sequential order of the link. (S is for start, K is for stop).
Here's a listing of programs commonly found in /etc/rc.d/init.d with a short description:
amd: automount daemon. It's a program that automatically mounts filesystems when they are used. It's useful for NFS connections that are intermittent (like over a dialup), and for people too lazy to mount and unmount their CD-ROM. Recommendation: NO.
atd: at daemon. Similar to cron, it's used to automatically run a process in the future. The process only runs once. If you want a recurring process, then use cron. It's not a network hole but most people never use it so recommendation: NO.
bigfs: enable bigfs support. This is used to perform some extra checks when mounting filesystems > 4-6 GB. If you've got that much disk, I'd split out a /home, /usr, and /var partitions. It's not a network hole, but don't use it unless you need it. Recommendation: If needed.
cron, crond: automatically run processes at scheduled intervals. This is essential for some system processes (like rotating the logs and rebuilding the locate database), so recommendation: YES.
dhcpd: dynamically get a IP address when initializing network services. Rice uses this to manage the college subnets, so you need it. Recommendation: YES.
functions: this is a file that holds some library functions for other rc services. you should never need to run it yourself. Recommendation: NO.
gpm: general purpose mouse. This is the mouse driver for the console. X (and quake) uses it's own mouse driver. It's only useful if you don't use X and you want to cut and paste between virtual consoles. It's not a network hole, but most people don't use it. Recommendation: NO.
halt, reboot: halt the system. This is called when you reboot, so don't put it in anything other than /etc/rc.d/rc6.d.
httpd: hypertext transfer protocol daemon, web server. Apache is the default and is pretty solid, but unless you actually *need* a web server, I wouldn't use it. Recommendation: MAYBE.
iBCS: intel Binary Compatibility Standard. This is an attempt for binary compatibility between x86 Unices. It's only useful if you need to use proprietary binaries (no source available) that you only have for some other x86 Unix. It's not a network hole. Recommendation: If needed.
inet: internet services. This provides a slew of services that are spun off when an incoming connection arrives. The file controlling this is /etc/inetd.conf which should be edited. Most of these services use plaintext password transfer and some have security holes. Use it if you want ftp. Use ssh for remote access. Recommendation: MAYBE.
innd, news: internet news daemon. This is used if you want to host a full (or partial) Usenet spool. This is a memory/cpu pig that destroys hard disks. Recommendation: NO.
ipfwctrl: IP firewall control. Control the firewall support compiled into the kernel. Unless you are doing IP masquerading, or routing packets to machines on another subnet, you don't need this. Recommendation: NO.
ipx: bring up/down IPX networking. This is Novell's protocol that is still used a lot on business LANs. Until you configure WINE to play Starcraft, recommendation: NO.
ipxripd: IPX RIP/SAP daemon. I'm not sure what this does for IPX networks, but it's only needed if you are going to be a server on an IPX network. Recommendation: NO
kerneld: kernel daemon. this is used primarily for loading and unloading modules. Use it if you have a modular kernel. Recommendation: YES.
keytable: load a different keytable. If you've joined the dark side and use a dvorak keyboard, then you need this. Recommendation: NO.
killall: called after reboot/halt as a sanity check. You should never put this in anything other than /etc/rc.d/rc6.d. Recommendation: NO.
local: run rc.local. Your system does some last minute stuff in here before it's done booting. Recommendation: YES.
logoutd: enforce login time restrictions. Recommendation: YES.
lpd: line printer daemon. You need it if you have a printer attached to your computer. Recommendation: YES.
mta, sendmail: mail transfer agent. Use your local machine as a mail server. This is needed so various processes can mail you when the fit hits shan. Recommendation: YES.
named: name daemon. Provide DNS services. Use this as a caching only nameserver if you are connecting over a modem, but most people shouldn't need it. Recommendation: NO.
netatalk: appletalk daemon. If you want to serve up directory trees to people running MacOS, then this is what you need. Recommendation: NO.
network: start network services. This runs the appropriate ifconfig and route commands to get the network working. Recommendation: YES.
nfs: network filesystem. Unless you want to export your directory tree to another Unix box where you have root, don't use it. NFS is pretty insecure in any case. Recommendation: NO.
nfsfs: network filesystem filesystem. Unless you want to mount a directory tree that another Unix box is exporting, recommendation: NO.
nis-client: network information services. This is used to make multiple machines use one passwd file, such as Owlnet uses. It's pretty insecure. You could use this to allow people with Owlnet accounts to log-on to your machine, but recommendation: NO.
nis-server: network information services. Serve up you passwd file for other machines to use for login. Recommendation: NO.
ntp: network time protocol. Synchronize your clock with one on another machine. This is useless for anything other than the gee-whiz factor. Recommendation: NO.
nwclient: netware client. Connect to a Novell file server. Recommendation: NO.
pcmcia: personal computer memory card international association. Useless unless you have a laptop. Recommendation: MAYBE.
portmap: provide information for rpc services (such as NIS, nfs, and others). Don't use it unless you know that you need it. Recommendation: NO.
postgres: postgres database server. Unless you need a SQL server, don't use it. Recommendation: NO.
random, urandom: preserve the random seed between reboots. Provides much more randomness to random numbers. Recommendation: YES.
rmnologin: remove /etc/nologin. allow users to login to your machine. The last thing run before turning over the box to the users. Recommendation: YES.
rstatd: remote statistics daemon. Allow the internet to query your box for running processes and network status. Recommendation: NO.
rusersd: remote users daemon. Allow the internet to query your box for information about who's logged in. Recommendation: NO.
rwalld: remote write to all daemon. Allow the internet to write a message to everybody's console. Recommendation: NO.
rwhod: remote who daemon. Allow the internet to query your box for who information. Recommendation: NO.
samba, smb: session message block protocol. Export directories to Windows 3.11, 95, 98, NT machines. Allow your machine to show up in the Network Neighborhood, sort of like Mr. Rogers. Recommendation: NO.
serial.sample: sample setup for serial ports distributed with setserial. If you've got a device on a serial port, then you should actually configure this file. otherwise, recommendation: NO.
single: programs to run in single user mode. This is a shitty idea. Should just use /etc/rc.d/rc1.d, recommendation: NO.
skeleton: skeleton example for other rc services. You shouldn't ever run this directly. Recommendation: NO.
skipped: report which services were skipped by LISA. Another shitty idea from Caldera. Recommendation: NO.
sound: set up sound drivers. If you want to hear biff bark, then set this up and run it. Recommendation: MAYBE.
sprayd: act as a network sink for the spray program. Unless you are testing out the network, this is pretty much useless. Recommendation: NO.
syslog: log system messages sent to /dev/console into /var/log/messages. Definitely a useful thing. Recommendation: YES.