WebMO - Computational chemistry on the WWW
September 21, 2017
Installation of Fedora Core 4

These instructions can be used to install and configure Fedora Core 4 (as a server) on a typical PC. They may need to be tweaked slightly, depending on the exact configuration of your PC.

  1. Download the Fedora Core 4 distribution from the Fedora Project and burn the iso's to a single DVD or to 4 CD's

  2. Install Linux

    1. Turn on computer and quickly insert either cd 1 of Fedora Core 4 or the Fedora Core 4 DVD

    2. Workaround: For a 64-bit x86_64 Fedora Core 4 installation, at the boot prompt, type "junk" and then press the 'Enter' key. Otherwise, the installer will crash due to a bug in the version of syslinux used by the installer. This is not a problem for 32-bit Fedora Core 4.

    3. At the boot prompt, press the 'Enter' key

    4. At the CD Found media test, select 'Skip' unless you're uncertain of the CD

    5. At Welcome to Fedora Core, click Next

    6. At Language Selection, choose English

    7. At Keyboard Configuration, choose U.S. English

    8. If Upgrade Examine option comes up, choose 'Install Fedora Core' which will overwrite all contents on the harddisk

    9. At Installation Type, choose Custom

    10. Disk Partitioning
      1. Choose Manually partition with Disk Druid
      2. A warning may come up on systems with a brand new hard drive asking if Disk Druid should initialize the drive; select yes.
      3. Highlight existing partitions and click 'Delete'; confirm 'Delete'
      4. Create the following partitions (sizes suggested for a single 250 GB disk):
        1. / (from dropdown menu) 20480 MB (20 GB)
        2. swap (under file system type) 1024 MB (or twice RAM size)
        3. /home (from dropdown menu) 102400 MB (100 GB)
        4. /scratch Click 'Fill to maximum allowable size' (about 120 GB)
      5. Accept defaults if satisfied with mount points, filesystem types, and formatting; otherwise, select each partition and click Edit

        Note: Only 4 primary partitions are allowed on each hard drive. One of these may be an extended partition, which can contain up to 12 logical partitions. Some very old BIOS limitations require that the Linux /boot directory be contained in its own partition which does not extend beyond cylinder 1024.

    11. At Boot Loader Configuration, accept the default (use GRUB boot loader)

    12. Network Configuration
      1. Select an interface from the list
      2. Click 'Edit'
        1. Uncheck 'Configure using DHCP'
        2. Set the following options: (ask your network administrator for correct values)
          1. IP address: {ip_address}
          2. Netmask: {subnet_mask}
      3. Back on the main network configuration page set the following options:
        1. Hostname: {hostname.domain}
        2. Gateway: {gateway_address}
        3. Primary DNS: {dns1_server_address}

    13. Firewall Configuration
      1. Be sure that Enable Firewall is selected
      2. Check Remote Login (SSH) and Web Server (HTTP, HTTPS); if desired, also allow File Transfer (FTP) and Mail Server (SMTP)
      3. IMPORTANT: Set Enable SELinux to Disabled

    14. Time Zone Selection
      1. America/Detroit (or your timezone)
      2. Check "System clock uses UTC" to enable proper handling of daylight savings

    15. Set Root Password

    16. Package Group Selection
      1. Desktop
        1. X Window System
        2. Gnome
        3. KDE
      2. Applications
        1. Editors (Details: Emacs, joe, and vim-enhanced only)
        2. Engineering & scientific
        3. Graphical internet (Details: remove gaim and xchat)
        4. Text-based internet (Details: elinks, fetchmail, lynx, and mutt only)
        5. Office productivity (Details: add xpdf)
        6. Sound & video (Details: add xcdroast)
        7. Authoring and Publishing
        8. Graphics
      3. Servers
        1. Server configuration tools
        2. Web server (Details: add mod_auth_mysql, php-mysql, and php-odbc)
        3. Mail Server (Details: add postfix)
        4. Windows file server
        5. FTP server
        6. MySQL Database (Details: add mod_auth_mysql and php-mysql)
      4. Development
        1. Development tools
        2. Compatibility Arch Development Support
        3. Legacy Software Support
      5. System
        1. Administration tools
        2. System tools (Details: add ethereal-gnome, nmap-frontend, rdesktop, tsclient)
        3. Printing support
        4. Compatibility Arch Support (this option will only be available when installing on a 64-bit computer using the x86_64 distribution of Fedora Core)

    17. About to Install. This is the last chance to safely cancel the installation process. Click Next, and wait while partitions are formatted and packages are installed. If installing from CD's, insert disks 2, 3, and 4 when prompted and click OK. A log will be written to /root/install.log and a kickstart file will be written to /root/anaconda_ks.cfg

    18. Installing Packages. Wait patiently during formatting and installation

    19. Congratulations, the installation is complete. Remove CD/DVD, close the CD tray, and click 'Reboot'

  3. First Boot
    1. At Welcome screen, click Next
    2. At License Agreement, select 'Yes, I agree...' and click Next
    3. At Date and Time, on Network Time Protocol tab, enable Network Time Protocol, enter server name, and click Next
    4. At Display, accept defaults and click Next
    5. At System User, set up a user account and click Next
    6. At Sound card, click Next
    7. At Additional CDs, click Next
    8. At Finish setup, click Next

  4. Verify aspects of the system configuration

      Note: Ctrl+Alt+F1 and Alt+F7 can be used to switch between text and graphic logins

    1. Verify the date and time
      $ date
      Adjust the date and time if necessary
      # date MMDDhhmm[YYYY].ss
      Write the new date and time to the system's CMOS clock
      # hwclock --systohc --utc

    2. Verify that all of the machine's RAM and swap space has been detected
      $ free
      If Linux reports less RAM than is actually installed in your system, follow instructions to specify at boot time the amount of available RAM. If swap space has not been detected, then make sure that the label in /etc/fstab for swap is reasonable, and use the mkswap -L command to fix the label if necessary

    3. Verify that domainname can be determined
      $ hostname -d
      If the domainname is not reported, then edit /etc/hosts so that the fully qualified domain name appears before the hostname
      # cd /etc
      # cp -p hosts hosts.000
      # vi hosts
            127.0.0.1   {hostname.domain}   {hostname}   localhost.localdomain   localhost

    4. Workaround: On 64-bit systems, ensure that /var/log/lastlog is a reasonable size, i.e., not a sparse 1.2 terabyte file!
      # cd /var/log
      # ls -alFh lastlog
      -rw-r--r-- 1 root root 1.2T Sep 25 09:44 lastlog
      # rm lastlog
      # touch lastlog
      # ls -alFh lastlog
      -rw-r--r-- 1 root root 0 Sep 25 09:48 lastlog

  5. Install update packages from RedHat

      It is critical that any security related updates be applied to your system. Root access security holes are regularly uncovered, and machines connected to the internet are regularly probed for these weaknesses. It is a certainty that unpatched machines will soon be hacked.

    1. Point to a mirror or local yum repository by editing the files within /etc/yum.repos.d. A list of mirrors is available at http://fedora.redhat.com/Download/mirrors.html
      # cd /etc/yum.repos.d
      # cp -p fedora.repo fedora.repo.000
      # cp -p fedora-updates.repo fedora-updates.repo.000
      # cp -p fedora-extras.repo fedora-extras.repo.000
      # vi fedora.repo
            comment out "mirrors" line
            uncomment baseurl line and replace "download.fedora.redhat.com" with a mirror or local site
      # vi fedora-updates.repo
            comment out "mirrors" line; uncomment and edit baseurl line
      # vi fedora-extras.repo
            comment out "mirrors" line; uncomment and edit baseurl line
    2. Update packages
      # yum update rpm*
      # yum update yum*
      # yum update kernel*
      Workaround: one must reboot at this point, or subsequent yum updates will not complete properly
      # init 6
      # yum update
            should report "No Packages marked for Update/Obsoletion"
      # yum clean all

  6. Customize Linux

    1. Forward root's email
      It is critical that a human actually read root's email, so that logwatch output, system problems, or security breaches are quickly noted
      # vi /root/.forward
            {joe@university.edu}

    2. Activate locate database updates
      # cd /etc
      # cp -p updatedb.conf updatedb.conf.000
      # vi updatedb.conf
      Change to
            DAILY_UPDATE=yes

    3. Optionally, boot to a text console rather than a graphics console
      # cd /etc
      # cp -p inittab inittab.000
      # vi inittab
      Change to
            id:3:initdefault:

    4. Optionally, install additional system level software
      1. Pine mail reader and pico editor
        # mkdir /home/download
        # cd /home/download
        for 32-bit Fedora Core
        # wget http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/fc4/i386/RPMS.dries/pine-4.64-1.2.fc4.rf.i386.rpm
        or for 64-bit Fedora Core
        # wget http://ftp.belnet.be/packages/dries.ulyssis.org/fedora/fc4/x86_64/RPMS.dries/pine-4.64-1.2.fc4.rf.x86_64.rpm
        # rpm -ihv pine*
        # pine
              E
              Q
              Y

  7. Turn on desired services

    1. Understand background concepts about access to services
      Access to system services over the network is controlled at multiple levels:
      1. A firewall controls what packets are accepted by the system and which are dropped or rejected. The default firewall rules are defined in /etc/sysconfig/iptables, which is created during the Firewall Configuration step of the installation process. The syntax of this file is explained in the iptables man page and on the many websites devoted to explaining iptables.
      2. The software for the service must be installed on the system, which can be checked with the command "rpm -qa | grep {servicename}". Many services have both client and server rpm's, and it is the server package that must be present.
      3. The service must be started by the system. Some services (apache, ssh, samba, sendmail) are always in memory running as daemons. These may be specified to start at boot time with "/sbin/chkconfig {servicename} on|off" or controlled manually with "/sbin/service {servicename} start|stop". Other services (telnet, ftp, rsh, rexec) are controlled by the xinetd daemon. Install xinetd with "yum install xinetd". Turn on desired services by editing the appropriate file in /etc/xinetd.d and setting "disable=no". Then restart the xinetd daemon with "/sbin/service xinetd restart".
      4. Access to individual services can be restricted to specific IP addresses. This is done most fundamentally in the firewall configuration file, which can be configured to only allow access to certain services (ports) by certain IP address ranges. This can also be done for the xinetd services with the /etc/hosts.allow and /etc/hosts.deny files. (Note that /etc/hosts.allow is processed first, and then /etc/hosts.deny. Thus, it is generally best to allow access to specific services by certain addresses in hosts.allow and then deny all other access in hosts.deny.) Also, some of the services (ssh, sendmail) running as permanent daemons respect /etc/hosts.allow and /etc/hosts.deny. Finally, some services (apache, samba) allow access to be restricted to certain IP addresses through their own configuration files (httpd.conf, smb.conf).
      When troubleshooting access to services, you need to consider all of the above factors. If access is denied at any level, then the service will appear to fail.

    2. Ssh, sftp, and scp
      Ssh, sftp, and scp are secure shell and file transfer programs, replacing telnet and ftp. Ssh is installed by default on Fedora Core 4 systems. However, ssh client software is not part of the typical desktop PC installation (e.g. Microsoft Windows) and must be installed separately as third party software.
      If ssh service fails, make sure that the iptables firewall contains a line for service 22 (ssh) like
            -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
      that the ssh server software is installed
            rpm -qa | grep openssh-server
      that the ssh daemon is running
            /sbin/service sshd status
      and that either /etc/hosts.deny contains no entries or /etc/hosts.allow permits access by the client
            ALL:{network_address}/{subnet_mask}
      or
            sshd:ALL

    3. Apache Web Server
      A few directories need to be set up in the skeleton profile directory (/etc/skel/) to make new user's web directory work correctly
      # cd /etc/skel/
      # mkdir public_html
      # chmod 755 public_html
      # cd public_html
      # mkdir cgi-bin
      # chmod 755 cgi-bin
      Edit the apache configuration file
      # cd /etc/httpd/conf
      # cp -p httpd.conf httpd.conf.000
      # vi httpd.conf
            In the <IfModule mod_userdir.c> section
            Comment the line
                  UserDir disable
            Uncomment the line
                  UserDir public_html
            Uncomment the line
                  AddHandler cgi-script .cgi
            Add the lines (to bottom of file)
                  <Directory /home/*/public_html/cgi-bin>
                  #Enable cgi scripts in user directories
                  Options ExecCGI
                  </Directory>
      It is recommended that directory browsing be disabled. Search for and delete any instances of "Indexes" within "Options" statements, which can be located with
      # grep -n '^[[:space:]]*Options' httpd.conf | grep Indexes
      For example, change
            Options Indexes FollowSymLinks
      to
            Options FollowSymLinks
      Make sure that the /etc/sysconfig/iptables firewall configuration file contains a line for service 80 (http) like
            -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
      Restart the firewall if the iptables file was edited
      # /sbin/service iptables restart
      Since web service is not started by default, start the apache server
      # /sbin/chkconfig httpd on
      # /sbin/service httpd start
      Note that suexec is turned on by default. Thus all user cgi scripts run as the user in whose directory they are installed, instead of as the 'apache' user. Suexec imposes many security restrictions upon cgi scripts. Not only must the scripts be nonwritable by others, the directory containing the cgi script must be nonwritable by others, e.g., mode 755. By default, directories and files are created with mode 775 in Fedora Core. Therefore, one must manually do a 'chmod 755' on any directory containing cgi scripts as well as the files themselves.

    4. Samba
      Samba permits access to files on the Linux system via Windows networking. By default, Samba uses "security=user", which requires that a user have a Linux account with the same name as their Windows login name, and "encrypt passwords = yes", which requires that users (or the Linux administrator) maintain a separate samba password list on the Linux machine with the user's Windows password, which is in general different from their Linux password. The following instructions configure Samba to use "security=share", which allows users to access any home directories for which they know the password (similar to Windows98 directory sharing). However, passwords for these shares are maintained separately from the Linux login passwords.
      Edit the samba configuration file
      # cd /etc/samba
      # cp -p smb.conf smb.conf.000
      # vi smb.conf
            In the [global] section
            Set
                  workgroup = {workgroup}
                  server string = %h
                  load printers = no
                  security = share
            Add
                  oplocks = no
                  level2 oplocks = no
                  preserve case = yes
                  short preserve case = yes
            Add in the [homes] section
            Set
                  browseable = yes
            Add
                  create mode = 0664
                  directory mode = 0775
      Let samba packets across the firewall
      # vi /etc/sysconfig/iptables
            -A RH-Firewall-1-INPUT -m state --state NEW -s {network address}/{network mask} -m tcp -p tcp --dport 137:139 -j ACCEPT
            -A RH-Firewall-1-INPUT -m state --state NEW -s {network address}/{network mask} -m udp -p udp --dport 137:139 -j ACCEPT
      Restart the firewall
      # /sbin/service iptables restart
      Start the samba server
      # /sbin/chkconfig smb on
      # /sbin/service smb start
      Add the samba share password
      # smbpasswd -a {user}
      Users may now change their password with
      $ smbpasswd
      Browse the samba shares from the Windows "Network Neighborhood". Shares which do not appear may be accessed from Start: Run...: \\{serverhostname}\{sharename}.

    5. Sendmail (not recommended)
      By default, Fedora Core configures sendmail to only accept mail from the localhost, which should be fine in almost all cases. Since you probably already have an email account on a centralized server, you do not need to accept email from the outside world on your Linux machine. Do not allow outsiders to access sendmail unless you thoroughly understand how relaying works (which permits massive spamming), are prepared to administer an email system, and are willing to accept responsibility for any spam forwarded by your system!
      If you do need to set up a centralized email server on your system, do the following:
      If necessary, install the sendmail configuration file package:
      # yum install sendmail-cf
      Edit the sendmail configuration file
      # cd /etc/mail
      # cp -p sendmail.cf sendmail.cf.000
      # cp -p sendmail.mc sendmail.mc.000
      # vi sendmail.mc
            dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
      # m4 sendmail.mc > /etc/mail/sendmail.cf
      Allow external access to sendmail
      # cd /etc
      # vi hosts.allow
            sendmail:ALL
      # cd /etc/sysconfig
      # vi iptables
            -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
      # /sbin/service iptables restart
      Restart sendmail
      # /sbin/service sendmail restart

    6. Pop3 and imap (not recommended)
      These mail access agents are probably only needed if sendmail has been set to allow access from other computers, i.e., the system is intended to be a mail server from which you will regularly read mail. In general, you will not do this, but would instead simply forward any mail from the Linux account to an existing email account.
      $ cd ~
      $ vi .forward
            {joe@university.edu}
      If you do wish to set up pop3 or other mail retrieval services, you must install an imap package from the Fedora extras distribution:
            yum install cyrus-imapd
      or
            yum install uw-imap
      If necessary, allow external access to the service through xinetd
            # cd /etc/xinetd.d
            # vi ipop3
                  disable=no
            # /sbin/service xinetd restart
      /etc/hosts.allow
            # cd /etc
            # vi hosts.allow
                  ipop3d:ALL
      and iptables
            # cd /etc/sysconfig
            # vi iptables
                  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
                  -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 110 -j ACCEPT
            # /sbin/service iptables restart
      Note that the above procedure has NOT been tested!

    7. Additional comments about access control files
      1. /etc/sysconfig/iptables
        The iptables configuration file defines which IP packets are accepted, rejected, or denied by the Linux machine. It is often preferable to limit accepted packets to the local network, rather than accept them from anywhere. For example, to accept WWW packets from anywhere, but limit telnet packets to being from the local network, one would use
              -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
              -A RH-Firewall-1-INPUT -m state --state NEW -s {network_address}/{subnet_mask} -m tcp -p tcp --dport 23 -j ACCEPT
        where {network_address} may be calculated from
        $ ipcalc --network {ip_address} {subnet_mask}
        {subnet_mask} may also be specified as an integer equalling the number of nonzero bits starting from the left, e.g., 255.255.255.0=24 or 255.255.240.0=20
        After editing /etc/sysconfig/iptables, restart the iptables service for the changes to take effect
        # /sbin/service iptables restart
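The audit below is an added example, not part of the original instructions: it reads a rules file in the /etc/sysconfig/iptables format and reports which destination ports are accepted from any source and which are limited with -s. The sample rules are constructed (192.168.10.0/255.255.255.0 stands in for {network_address}/{subnet_mask}) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: list the ACCEPT rules of an
# /etc/sysconfig/iptables-style file and show which ports any source can reach.

# Print "proto/port source" for every ACCEPT rule that names a destination port.
accepted_ports() (   # $1 = rules file
    set -f                               # no globbing while splitting rule lines
    while read -r line; do
        case $line in
            -A*--dport*) ;;              # only appended rules that name a port
            *) continue ;;
        esac
        src=anywhere proto='?' port='?' target=
        set -- $line
        while [ $# -gt 1 ]; do           # walk the options, remembering their values
            case $1 in
                -s)      src=$2 ;;
                -p)      proto=$2 ;;
                --dport) port=$2 ;;
                -j)      target=$2 ;;
            esac
            shift
        done
        case $src in 0/0|0.0.0.0/0) src=anywhere ;; esac   # explicit match-all source
        if [ "$target" = ACCEPT ]; then echo "$proto/$port $src"; fi
    done < "$1"
    exit 0
)

# Only the ports that are accepted from any source address.
world_open() { accepted_ports "$1" | grep ' anywhere$' | cut -d' ' -f1; }

# Constructed sample in the rule format used on this page.
write_sample_rules() {   # $1 = output file
    cat > "$1" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.10.0/255.255.255.0 -m tcp -p tcp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -s 192.168.10.0/255.255.255.0 -m udp -p udp --dport 137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

rules=$(mktemp)
write_sample_rules "$rules"
echo "All accepted ports:"
accepted_ports "$rules"
echo "Accepted from any source:"
world_open "$rules"
rm -f "$rules"
```

Run against the real file with `world_open /etc/sysconfig/iptables`; every port it lists should be one that is meant to be reachable from outside the local network.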
      2. /etc/xinetd.d
        Filenames in this directory correspond to services that are controlled by the internet services daemon (formerly known as tcp_wrappers). Edit these files to disable (disable = yes) or enable (disable = no) these services. Restart the xinetd daemon for changes to take effect.
        # /sbin/service xinetd restart
        Access to the services is further controlled by the /etc/hosts.allow and /etc/hosts.deny files as described below.
      3. /etc/hosts.allow and /etc/hosts.deny
        These files control what IP addresses are allowed to access various services on the Linux machine. It is best to allow access for various services to some IP numbers, and then to deny all other access. An example of an /etc/hosts.allow entry that permits access to all services from a limited IP address range is
              ALL: {network_address}/{subnet_mask}
        An example of an /etc/hosts.allow entry that permits access to ssh from anywhere is
              sshd: ALL
        Other services controlled by these access files include
              in.telnetd
              in.ftpd
              sendmail
              ipop3d
        If access is permitted to specific services as above, then it is recommended that the /etc/hosts.deny file consist of
              ALL: ALL
        The effect of these entries is immediate, and the xinetd daemon does not need to be restarted after making changes.
        Note that if one properly configures the iptables firewall, then these access control files are redundant and no changes are needed from the default configuration (empty, which permits access to all services by anyone).
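The decision order described above and in the background concepts (hosts.allow first, then hosts.deny, access granted when neither matches) is modelled in the following added example, which is not part of the original instructions. It handles only the client patterns used on this page (ALL, a single address, and {network_address}/{subnet_mask}); the sample files are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page: a model of the hosts.allow /
# hosts.deny decision order. It handles only the client patterns used on this
# page (ALL, a single address, {network_address}/{subnet_mask}).

# Dotted quad -> integer; the subshell keeps the IFS change local.
ip2int() (
    IFS=.
    set -- $1
    echo "$(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))"
)

# Succeed if client address $1 matches pattern $2.
client_matches() (
    case $2 in
        ALL) exit 0 ;;
        */*) addr=$(ip2int "$1")
             net=$(ip2int "${2%/*}")
             mask=$(ip2int "${2#*/}")
             [ "$(( addr & mask ))" -eq "$net" ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
)

# Succeed if any "daemons: clients" line in file $1 matches daemon $2, client $3.
file_matches() (
    set -f
    [ -r "$1" ] || exit 1
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac      # skip blanks and comments
        for d in $(echo "$daemons" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
            for c in $(echo "$clients" | tr ',' ' '); do
                if client_matches "$3" "$c"; then exit 0; fi
            done
        done
    done < "$1"
    exit 1
)

# hosts.allow is consulted first, then hosts.deny; no match in either grants access.
tcpd_decision() {   # $1 = daemon, $2 = client, $3 = allow file, $4 = deny file
    if file_matches "$3" "$1" "$2"; then echo "granted (hosts.allow)"
    elif file_matches "$4" "$1" "$2"; then echo "denied (hosts.deny)"
    else echo "granted (no match)"
    fi
}

# Constructed sample files using the entries recommended above.
write_samples() {   # $1 = directory
    printf '%s\n' '# constructed sample' \
        'ALL: 192.168.10.0/255.255.255.0' 'sshd: ALL' > "$1/hosts.allow"
    echo 'ALL: ALL' > "$1/hosts.deny"
    : > "$1/hosts.deny.empty"      # the default configuration: no entries
}

demo=$(mktemp -d)
write_samples "$demo"
for probe in "sshd 203.0.113.7" "in.telnetd 192.168.10.25" "in.telnetd 203.0.113.7"; do
    set -- $probe
    echo "$1 from $2: $(tcpd_decision "$1" "$2" "$demo/hosts.allow" "$demo/hosts.deny")"
done
echo "in.telnetd from 203.0.113.7, empty hosts.deny:" \
    "$(tcpd_decision in.telnetd 203.0.113.7 "$demo/hosts.allow" "$demo/hosts.deny.empty")"
rm -rf "$demo"
```

The last probe shows why the ALL: ALL entry in hosts.deny matters: with the default empty file, a client that matches nothing in hosts.allow is still granted access.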

  8. Install and setup computational chemistry software

    1. Setup scratch directory
      # cd /scratch
      # rm -r lost+found
      # chmod 777 /scratch
      # chmod +t /scratch

    2. Install computational chemistry engines

      • Pre-compiled binaries save the time and trouble of downloading and compiling program source code. Instructions and pre-compiled binaries are available for the Linux operating system

      • Compiling the source code allows software to be installed on a wider array of hardware and operating systems

    3. Install WebMO
      WebMO installation instructions

Copyright © 2006, WebMO, LLC, all rights reserved.