pichuang/Support_auto_mysql_secure_installation.patch

## Support_auto_mysql_secure_installation.patch
# Maintainer: Roan Huang <pichuang@cs.nctu.edu.tw>

Automating mysql_secure_installation

In this patch, MySQL default password is "ARCHLNMP"

default password is NOT safe to your system, Please use

/usr/bin/mysqladmin -u root -p'ARCHLNMP' password 'YOUR_NEW_PASSWORD'

change any password if you need.

Remember backup mysql_secure_installation.

Install:
patch -p1 /usr/bin/mysql_secure_installation < Support_auto_mysql_secure_installation.patch

--- origin/mysql_secure_installation	2014-06-11 18:59:38.445190132 +0800
+++ new/mysql_secure_installation	2014-06-11 19:50:35.850781867 +0800
@@ -20,6 +20,7 @@

 trap "interrupt" 1 2 3 6 15

+MYSQL_ROOT_PASSWORD="ARCHLNMP"
 rootpass=""
 echo_n=
 echo_c=
@@ -240,11 +241,7 @@
 get_root_password() {
     status=1
     while [ $status -eq 1 ]; do
-	stty -echo
-	echo $echo_n "Enter current password for root (enter for none): $echo_c"
-	read password
-	echo
-	stty echo
+    password=$MYSQL_ROOT_PASSWORD
 	if [ "x$password" = "x" ]; then
 	    hadpass=0
 	else
@@ -260,27 +257,8 @@
 }

 set_root_password() {
-    stty -echo
-    echo $echo_n "New password: $echo_c"
-    read password1
-    echo
-    echo $echo_n "Re-enter new password: $echo_c"
-    read password2
-    echo
-    stty echo
-
-    if [ "$password1" != "$password2" ]; then
-	echo "Sorry, passwords do not match."
-	echo
-	return 1
-    fi
-
-    if [ "$password1" = "" ]; then
-	echo "Sorry, you can't use an empty password here."
-	echo
-	return 1
-    fi
-
+    echo "!!!WARNING!!! default password is NOT safe, please change root password before running"
+    password1=$MYSQL_ROOT_PASSWORD
     esc_pass=`basic_single_escape "$password1"`
     do_query "UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root';"
     if [ $? -eq 0 ]; then
@@ -376,7 +354,7 @@
 # The actual script starts here

 prepare
-find_mysql_client
+#find_mysql_client
 set_echo_compat

 echo
@@ -401,14 +379,14 @@
 echo

 if [ $hadpass -eq 0 ]; then
-    echo $echo_n "Set root password? [Y/n] $echo_c"
+    echo "Set root password"
 else
     echo "You already have a root password set, so you can safely answer 'n'."
     echo
     echo $echo_n "Change the root password? [Y/n] $echo_c"
 fi

-read reply
+reply = "y"
 if [ "$reply" = "n" ]; then
     echo " ... skipping."
 else
@@ -432,14 +410,8 @@
 echo "production environment."
 echo

-echo $echo_n "Remove anonymous users? [Y/n] $echo_c"
-
-read reply
-if [ "$reply" = "n" ]; then
-    echo " ... skipping."
-else
-    remove_anonymous_users
-fi
+echo "Remove anonymous users"
+remove_anonymous_users
 echo


@@ -451,13 +423,8 @@
 echo "ensures that someone cannot guess at the root password from the network."
 echo

-echo $echo_n "Disallow root login remotely? [Y/n] $echo_c"
-read reply
-if [ "$reply" = "n" ]; then
-    echo " ... skipping."
-else
-    remove_remote_root
-fi
+echo "Disallow root login remote"
+remove_remote_root
 echo


@@ -470,13 +437,8 @@
 echo "before moving into a production environment."
 echo

-echo $echo_n "Remove test database and access to it? [Y/n] $echo_c"
-read reply
-if [ "$reply" = "n" ]; then
-    echo " ... skipping."
-else
-    remove_test_database
-fi
+echo "Remove test database and access to it"
+remove_test_database
 echo


@@ -488,13 +450,8 @@
 echo "will take effect immediately."
 echo

-echo $echo_n "Reload privilege tables now? [Y/n] $echo_c"
-read reply
-if [ "$reply" = "n" ]; then
-    echo " ... skipping."
-else
-    reload_privilege_tables
-fi
+echo "Reload privilege tables now"
+reload_privilege_tables
 echo

 cleanup
@@ -504,3 +461,8 @@
 echo "installation should now be secure."
 echo
 echo "Thanks for using MariaDB!"
+echo "If you dont want to use default password ARCHLNMP, You can use "
+echo
+echo "   /usr/bin/mysqladmin -u root -p'ARCHLNMP' password 'YOUR_NEW_PASSWORD' "
+echo
+echo "to change your root password"
	# Maintainer: Roan Huang <pichuang@cs.nctu.edu.tw>

	Automating mysql_secure_installation

	In this patch, MySQL default password is "ARCHLNMP"

	default password is NOT safe to your system, Please use

	/usr/bin/mysqladmin -u root -p'ARCHLNMP' password 'YOUR_NEW_PASSWORD'

	change any password if you need.

	Remember backup mysql_secure_installation.

	Install:
	patch -p1 /usr/bin/mysql_secure_installation < Support_auto_mysql_secure_installation.patch

	--- origin/mysql_secure_installation 2014-06-11 18:59:38.445190132 +0800
	+++ new/mysql_secure_installation 2014-06-11 19:50:35.850781867 +0800
	@@ -20,6 +20,7 @@

	trap "interrupt" 1 2 3 6 15

	+MYSQL_ROOT_PASSWORD="ARCHLNMP"
	rootpass=""
	echo_n=
	echo_c=
	@@ -240,11 +241,7 @@
	get_root_password() {
	status=1
	while [ $status -eq 1 ]; do
	- stty -echo
	- echo $echo_n "Enter current password for root (enter for none): $echo_c"
	- read password
	- echo
	- stty echo
	+ password=$MYSQL_ROOT_PASSWORD
	if [ "x$password" = "x" ]; then
	hadpass=0
	else
	@@ -260,27 +257,8 @@
	}

	set_root_password() {
	- stty -echo
	- echo $echo_n "New password: $echo_c"
	- read password1
	- echo
	- echo $echo_n "Re-enter new password: $echo_c"
	- read password2
	- echo
	- stty echo
	-
	- if [ "$password1" != "$password2" ]; then
	- echo "Sorry, passwords do not match."
	- echo
	- return 1
	- fi
	-
	- if [ "$password1" = "" ]; then
	- echo "Sorry, you can't use an empty password here."
	- echo
	- return 1
	- fi
	-
	+ echo "!!!WARNING!!! default password is NOT safe, please change root password before running"
	+ password1=$MYSQL_ROOT_PASSWORD
	esc_pass=`basic_single_escape "$password1"`
	do_query "UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root';"
	if [ $? -eq 0 ]; then
	@@ -376,7 +354,7 @@
	# The actual script starts here

	prepare
	-find_mysql_client
	+#find_mysql_client
	set_echo_compat

	echo
	@@ -401,14 +379,14 @@
	echo

	if [ $hadpass -eq 0 ]; then
	- echo $echo_n "Set root password? [Y/n] $echo_c"
	+ echo "Set root password"
	else
	echo "You already have a root password set, so you can safely answer 'n'."
	echo
	echo $echo_n "Change the root password? [Y/n] $echo_c"
	fi

	-read reply
	+reply = "y"
	if [ "$reply" = "n" ]; then
	echo " ... skipping."
	else
	@@ -432,14 +410,8 @@
	echo "production environment."
	echo

	-echo $echo_n "Remove anonymous users? [Y/n] $echo_c"
	-
	-read reply
	-if [ "$reply" = "n" ]; then
	- echo " ... skipping."
	-else
	- remove_anonymous_users
	-fi
	+echo "Remove anonymous users"
	+remove_anonymous_users
	echo


	@@ -451,13 +423,8 @@
	echo "ensures that someone cannot guess at the root password from the network."
	echo

	-echo $echo_n "Disallow root login remotely? [Y/n] $echo_c"
	-read reply
	-if [ "$reply" = "n" ]; then
	- echo " ... skipping."
	-else
	- remove_remote_root
	-fi
	+echo "Disallow root login remote"
	+remove_remote_root
	echo


	@@ -470,13 +437,8 @@
	echo "before moving into a production environment."
	echo

	-echo $echo_n "Remove test database and access to it? [Y/n] $echo_c"
	-read reply
	-if [ "$reply" = "n" ]; then
	- echo " ... skipping."
	-else
	- remove_test_database
	-fi
	+echo "Remove test database and access to it"
	+remove_test_database
	echo


	@@ -488,13 +450,8 @@
	echo "will take effect immediately."
	echo

	-echo $echo_n "Reload privilege tables now? [Y/n] $echo_c"
	-read reply
	-if [ "$reply" = "n" ]; then
	- echo " ... skipping."
	-else
	- reload_privilege_tables
	-fi
	+echo "Reload privilege tables now"
	+reload_privilege_tables
	echo

	cleanup
	@@ -504,3 +461,8 @@
	echo "installation should now be secure."
	echo
	echo "Thanks for using MariaDB!"
	+echo "If you dont want to use default password ARCHLNMP, You can use "
	+echo
	+echo " /usr/bin/mysqladmin -u root -p'ARCHLNMP' password 'YOUR_NEW_PASSWORD' "
	+echo
	+echo "to change your root password"