Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
#
# Automate mysql secure installation for debian-baed systems
#
# - You can set a password for root accounts.
# - You can remove root accounts that are accessible from outside the local host.
# - You can remove anonymous-user accounts.
# - You can remove the test database (which by default can be accessed by all users, even anonymous users),
# and privileges that permit anyone to access databases with names that start with test_.
# For details see documentation: http://dev.mysql.com/doc/refman/5.7/en/mysql-secure-installation.html
#
# @version 13.08.2014 00:39 +03:00
# Tested on Debian 7.6 (wheezy)
#
# Usage:
# Setup mysql root password: ./mysql_secure.sh 'your_new_root_password'
# Change mysql root password: ./mysql_secure.sh 'your_old_root_password' 'your_new_root_password'"
#
# Delete package expect when script is done
# 0 - No;
# 1 - Yes.
PURGE_EXPECT_WHEN_DONE=0
#
# Check the bash shell script is being run by root
#
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
#
# Check input params
#
if [ -n "${1}" -a -z "${2}" ]; then
# Setup root password
CURRENT_MYSQL_PASSWORD=''
NEW_MYSQL_PASSWORD="${1}"
elif [ -n "${1}" -a -n "${2}" ]; then
# Change existens root password
CURRENT_MYSQL_PASSWORD="${1}"
NEW_MYSQL_PASSWORD="${2}"
else
echo "Usage:"
echo " Setup mysql root password: ${0} 'your_new_root_password'"
echo " Change mysql root password: ${0} 'your_old_root_password' 'your_new_root_password'"
exit 1
fi
#
# Check is expect package installed
#
if [ $(dpkg-query -W -f='${Status}' expect 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
echo "Can't find expect. Trying install it..."
aptitude -y install expect
fi
SECURE_MYSQL=$(expect -c "
set timeout 3
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"$CURRENT_MYSQL_PASSWORD\r\"
expect \"root password?\"
send \"y\r\"
expect \"New password:\"
send \"$NEW_MYSQL_PASSWORD\r\"
expect \"Re-enter new password:\"
send \"$NEW_MYSQL_PASSWORD\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"y\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
#
# Execution mysql_secure_installation
#
echo "${SECURE_MYSQL}"
if [ "${PURGE_EXPECT_WHEN_DONE}" -eq 1 ]; then
# Uninstalling expect package
aptitude -y purge expect
fi
exit 0
@tisc0

This comment has been minimized.

Copy link

@tisc0 tisc0 commented Jul 21, 2017

Hi Vladimir,
Thanks you very much for that clean piece of code, just tested with MariaDB 10.1 || centos 7.3, and unless the aptitude commands (replaced by some yum), everything works perfectly.
++

@awarmfastbear

This comment has been minimized.

Copy link

@awarmfastbear awarmfastbear commented Feb 26, 2018

Don't forget to wipe your bash history ;)

@davo-pkools

This comment has been minimized.

Copy link

@davo-pkools davo-pkools commented May 1, 2018

For Mysql 5.7, the prompts have changed. Here is an update to the expect component for that environment:

SECURE_MYSQL=$(expect -c "
set timeout 3
spawn mysql_secure_installation
expect "Press y|Y for Yes, any other key for No: "
send "n\r"
expect "New password:"
send "$NEW_MYSQL_PASSWORD\r"
expect "Re-enter new password:"
send "$NEW_MYSQL_PASSWORD\r"
expect "Remove anonymous users?"
send "y\r"
expect "Disallow root login remotely?"
send "y\r"
expect "Remove test database and access to it?"
send "y\r"
expect "Reload privilege tables now?"
send "y\r"
expect eof
")

@davethebrave99

This comment has been minimized.

Copy link

@davethebrave99 davethebrave99 commented Jun 3, 2019

Only for the sake of my own understanding of this script

when executing mysql_secure_installation

expect "Remove anonymous users?"
send "y\r"
does "send "y\r" simply send the "y" key and then the "return" key?

I'm not a bash expert so I'm thankful for any kind of explanation

@coderua

This comment has been minimized.

Copy link
Owner Author

@coderua coderua commented Jun 3, 2019

Only for the sake of my own understanding of this script

when executing mysql_secure_installation

expect "Remove anonymous users?"
send "y\r"
does "send "y\r" simply send the "y" key and then the "return" key?

I'm not a bash expert so I'm thankful for any kind of explanation

Yes, you are right)

@optisistem

This comment has been minimized.

Copy link

@optisistem optisistem commented Jan 29, 2021

Works like a charm, thanks for sharing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment