Last active
January 15, 2018 20:04
-
-
Save naillizard/8606bd37b24314073592efbdcb31ee1e to your computer and use it in GitHub Desktop.
Automate mysql secure installation for Red Hat Enterprise Linux (RHEL) compatible distributions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Automate mysql secure installation for Red Hat Enterprise Linux (RHEL) compatible distributions | |
| # | |
| # - Change a password for root accounts (CLI option) | |
| # - Remove root account access from hosts other than localhost. (default behavior) | |
| # - Remove anonymous-user accounts. (default behavior) | |
| # - Remove the test database and privileges that permit anyone to | |
| # access databases with names that start with test_. (default behavior) | |
| # | |
| # For details see documentation: http://dev.mysql.com/doc/refman/5.5/en/mysql-secure-installation.html | |
| # | |
| # @version 2016.03.08 16:00 -05:00 | |
| # Forked from @coderua (https://goo.gl/Z2ym5S) | |
| # | |
| # Tested on: | |
| # MySQL Community Edition, v 5.5.46 | |
| # | |
| # Usage: | |
| # Secure mysql without changing root password: | |
| # ./mySQLSecure.sh 'current_root_password' | |
| # Secure mysql while changing root password: | |
| # ./mySQLSecure.sh 'current_root_password' 'new_root_password' | |
| # | |
| # Delete package EXPECT when script is done | |
| # 0 - No; | |
| # 1 - Yes. | |
| REMOVE_EXPECT_WHEN_DONE=0 | |
| # | |
| # Check the bash shell script is being run by root | |
| # | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" 1>&2 | |
| exit 1 | |
| fi | |
| # | |
| # Check input params | |
| # | |
| if [ -n "${1}" -a -z "${2}" ]; then | |
| # Setup root password | |
| CURRENT_MYSQL_PASSWORD="${1}" | |
| NEW_MYSQL_PASSWORD='' | |
| elif [ -n "${1}" -a -n "${2}" ]; then | |
| # Change existing root password | |
| CURRENT_MYSQL_PASSWORD="${1}" | |
| NEW_MYSQL_PASSWORD="${2}" | |
| else | |
| echo "Usage:" | |
| echo " Secure mysql without changing root password:" | |
| echo " ${0} 'current_root_password'" | |
| echo " Secure mysql while changing root password:" | |
| echo " ${0} 'current_root_password' 'new_root_password'" | |
| exit 1 | |
| fi | |
| # | |
| # Check if EXPECT package installed | |
| # | |
| if [ $(yum list installed | grep -c expect) -eq 0 ]; then | |
| echo "EXPECT was not found. Installing from YUM repository..." | |
| yum -y install expect | |
| fi | |
| SECURE_MYSQL=$(expect -c " | |
| set timeout 3 | |
| spawn mysql_secure_installation | |
| expect { | |
| \"Enter current password for root (enter for none):\" { | |
| send -- $CURRENT_MYSQL_PASSWORD\r | |
| exp_continue | |
| } | |
| \"Set root password? [Y/n]\" { | |
| send \"y\r\" | |
| exp_continue | |
| } | |
| \"New password:\" { | |
| send -- $NEW_MYSQL_PASSWORD\r | |
| exp_continue | |
| } | |
| \"Re-enter new password:\" { | |
| send -- $NEW_MYSQL_PASSWORD\r | |
| exp_continue | |
| } | |
| \"Remove anonymous users? [Y/n]\" { | |
| send \"y\r\" | |
| exp_continue | |
| } | |
| \"Disallow root login remotely? [Y/n]\" { | |
| send \"y\r\" | |
| exp_continue | |
| } | |
| \"Remove test database and access to it? [Y/n]\" { | |
| send \"y\r\" | |
| exp_continue | |
| } | |
| \"Reload privilege tables now? [Y/n]\" { | |
| send \"y\r\" | |
| exp_continue | |
| } | |
| } | |
| ") | |
| # | |
| # Execution mysql_secure_installation | |
| # | |
| echo "${SECURE_MYSQL}" | |
| if [ "${REMOVE_EXPECT_WHEN_DONE}" -eq 1 ]; then | |
| # Uninstall EXPECT package | |
| yum -y remove expect | |
| fi | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment