I would like to make a security suggestion to the excelent turkey team.. I advise the following security settings.
In the httpd.conf file, making the following entry default upon install:
expose_php = Off
I would also suggest the team include the fail2ban app, enabled and working by default. Also hardened for the type of enviroment you made turnkey LAMP as. Securing against ssh, webmin, phpmysql manager, webshell and even apache as examples..
I also just noticed that the webmin is also advertising it is 1.590 when I issue the HEAD / HTTP/1.0 via telnet.. No idea how to turn that off, any help?
I don't see the benefit of advertising version numbers to the public..