-
-
Save vallamost/873b590a10c18a904b6db9497cfa8031 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# Automate mysql secure installation for debian-baed systems | |
# | |
# - You can set a password for root accounts. | |
# - You can remove root accounts that are accessible from outside the local host. | |
# - You can remove anonymous-user accounts. | |
# - You can remove the test database (which by default can be accessed by all users, even anonymous users), | |
# and privileges that permit anyone to access databases with names that start with test_. | |
# For details see documentation: http://dev.mysql.com/doc/refman/5.7/en/mysql-secure-installation.html | |
# | |
# @version 25.02.2018 20:23 -07:00 | |
# Tested on Amazon Linux 2 | |
# | |
# Usage: | |
# Setup mysql root password: ./mysql_secure.sh 'your_new_root_password' | |
# Change mysql root password: ./mysql_secure.sh 'your_old_root_password' 'your_new_root_password'" | |
# | |
# Delete package expect when script is done | |
# 0 - No; | |
# 1 - Yes. | |
PURGE_EXPECT_WHEN_DONE=1 | |
function isinstalled { | |
if yum list installed "$@" >/dev/null 2>&1; then | |
true | |
else | |
false | |
fi | |
} | |
# | |
# Check the bash shell script is being run by root | |
# | |
if [[ $EUID -ne 0 ]]; then | |
echo "This script must be run as root" 1>&2 | |
exit 1 | |
fi | |
# | |
# Check input params | |
# | |
if [ -n "${1}" -a -z "${2}" ]; then | |
# Setup root password | |
CURRENT_MYSQL_PASSWORD='' | |
NEW_MYSQL_PASSWORD="${1}" | |
elif [ -n "${1}" -a -n "${2}" ]; then | |
# Change existens root password | |
CURRENT_MYSQL_PASSWORD="${1}" | |
NEW_MYSQL_PASSWORD="${2}" | |
else | |
echo "Usage:" | |
echo " Setup mysql root password: ${0} 'your_new_root_password'" | |
echo " Change mysql root password: ${0} 'your_old_root_password' 'your_new_root_password'" | |
exit 1 | |
fi | |
# | |
# install expect | |
# | |
yum -y install expect | |
SECURE_MYSQL=$(expect -c " | |
set timeout 3 | |
spawn mysql_secure_installation | |
expect \"Enter current password for root (enter for none):\" | |
send \"$CURRENT_MYSQL_PASSWORD\r\" | |
expect \"root password?\" | |
send \"y\r\" | |
expect \"New password:\" | |
send \"$NEW_MYSQL_PASSWORD\r\" | |
expect \"Re-enter new password:\" | |
send \"$NEW_MYSQL_PASSWORD\r\" | |
expect \"Remove anonymous users?\" | |
send \"y\r\" | |
expect \"Disallow root login remotely?\" | |
send \"y\r\" | |
expect \"Remove test database and access to it?\" | |
send \"y\r\" | |
expect \"Reload privilege tables now?\" | |
send \"y\r\" | |
expect eof | |
") | |
# | |
# Execution mysql_secure_installation | |
# | |
echo "${SECURE_MYSQL}" | |
if [ "${PURGE_EXPECT_WHEN_DONE}" -eq 1 ]; then | |
# Uninstalling expect package | |
yum -y erase expect | |
fi | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment