bumbummen99/mysql_secure.sh

## mysql_secure.sh
#!/bin/bash

#
# Automate mysql secure installation for debian-baed systems
#
#  - You can set a password for root accounts.
#  - You can remove root accounts that are accessible from outside the local host.
#  - You can remove anonymous-user accounts.
#  - You can remove the test database (which by default can be accessed by all users, even anonymous users),
#    and privileges that permit anyone to access databases with names that start with test_.
#  For details see documentation: http://dev.mysql.com/doc/refman/5.7/en/mysql-secure-installation.html
#
# @version 13.08.2014 00:39 +03:00
# Tested on Debian 7.6 (wheezy)
#
# Usage:
#  Setup mysql root password:  ./mysql_secure.sh 'your_new_root_password'
#  Change mysql root password: ./mysql_secure.sh 'your_old_root_password' 'your_new_root_password'"
#

# Delete package expect when script is done
# 0 - No;
# 1 - Yes.
PURGE_EXPECT_WHEN_DONE=0

#
# Check the bash shell script is being run by root
#
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

#
# Check input params
#
if [ -z "$1" ]; then
    echo "Usage:"
    echo "  Setup mysql root password: ${0} 'root_password'"
    exit 1
else
    NEW_MYSQL_PASSWORD="${1}"
fi

#
# Check is expect package installed
#
if [ $(dpkg-query -W -f='${Status}' expect 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
    echo "Can't find expect. Trying install it..."
    apt install -y expect

fi

SECURE_MYSQL=$(expect -c "

set timeout 3
spawn mysql_secure_installation

expect \"Would you like to setup VALIDATE PASSWORD component?\"
send \"n\r\"

expect \"New password:\"
send \"$NEW_MYSQL_PASSWORD\r\"

expect \"Re-enter new password:\"
send \"$NEW_MYSQL_PASSWORD\r\"

expect \"Do you wish to continue with the password provided?\"
send \"y\r\"

expect \"Remove anonymous users?\"
send \"y\r\"

expect \"Disallow root login remotely?\"
send \"y\r\"

expect \"Remove test database and access to it?\"
send \"y\r\"

expect \"Reload privilege tables now?\"
send \"y\r\"

expect eof
")

#
# Execution mysql_secure_installation
#
echo "${SECURE_MYSQL}"

if [ "${PURGE_EXPECT_WHEN_DONE}" -eq 1 ]; then
    # Uninstalling expect package
    aptitude -y purge expect
fi

exit 0
	#!/bin/bash

	#
	# Automate mysql secure installation for debian-baed systems
	#
	# - You can set a password for root accounts.
	# - You can remove root accounts that are accessible from outside the local host.
	# - You can remove anonymous-user accounts.
	# - You can remove the test database (which by default can be accessed by all users, even anonymous users),
	# and privileges that permit anyone to access databases with names that start with test_.
	# For details see documentation: http://dev.mysql.com/doc/refman/5.7/en/mysql-secure-installation.html
	#
	# @version 13.08.2014 00:39 +03:00
	# Tested on Debian 7.6 (wheezy)
	#
	# Usage:
	# Setup mysql root password: ./mysql_secure.sh 'your_new_root_password'
	# Change mysql root password: ./mysql_secure.sh 'your_old_root_password' 'your_new_root_password'"
	#

	# Delete package expect when script is done
	# 0 - No;
	# 1 - Yes.
	PURGE_EXPECT_WHEN_DONE=0

	#
	# Check the bash shell script is being run by root
	#
	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root" 1>&2
	exit 1
	fi

	#
	# Check input params
	#
	if [ -z "$1" ]; then
	echo "Usage:"
	echo " Setup mysql root password: ${0} 'root_password'"
	exit 1
	else
	NEW_MYSQL_PASSWORD="${1}"
	fi

	#
	# Check is expect package installed
	#
	if [ $(dpkg-query -W -f='${Status}' expect 2>/dev/null \| grep -c "ok installed") -eq 0 ]; then
	echo "Can't find expect. Trying install it..."
	apt install -y expect

	fi

	SECURE_MYSQL=$(expect -c "

	set timeout 3
	spawn mysql_secure_installation

	expect \"Would you like to setup VALIDATE PASSWORD component?\"
	send \"n\r\"

	expect \"New password:\"
	send \"$NEW_MYSQL_PASSWORD\r\"

	expect \"Re-enter new password:\"
	send \"$NEW_MYSQL_PASSWORD\r\"

	expect \"Do you wish to continue with the password provided?\"
	send \"y\r\"

	expect \"Remove anonymous users?\"
	send \"y\r\"

	expect \"Disallow root login remotely?\"
	send \"y\r\"

	expect \"Remove test database and access to it?\"
	send \"y\r\"

	expect \"Reload privilege tables now?\"
	send \"y\r\"

	expect eof
	")

	#
	# Execution mysql_secure_installation
	#
	echo "${SECURE_MYSQL}"

	if [ "${PURGE_EXPECT_WHEN_DONE}" -eq 1 ]; then
	# Uninstalling expect package
	aptitude -y purge expect
	fi

	exit 0