mysql_secure_installation Script

Introduction

The mysql_secure_installation script is a command-line utility that helps you secure your MySQL installation by setting a root password, removing anonymous user accounts, disabling remote root logins, and removing test databases. It is an important tool for ensuring the security of your MySQL server. This script can be used to configure a variety of security settings, including setting a root password, removing anonymous user accounts, disabling remote root logins, and removing test databases. It is recommended that you run this script after installing MySQL to ensure that your server is secure.

mysql_secure_installation Script

#!/bin/bash

# This script will help you secure your MySQL installation

# Get the root password
echo “Please enter the root password for your MySQL installation”
read -s rootpass

# Stop the MySQL server
echo “Stopping MySQL server”
/etc/init.d/mysql stop

# Start the MySQL server
echo “Starting MySQL server”
/etc/init.d/mysql start

# Set the root password
echo “Setting the root password”
mysqladmin -u root password $rootpass

# Delete anonymous users
echo “Deleting anonymous users”
mysql -u root -p$rootpass -e “DELETE FROM mysql.user WHERE User=””

# Disallow remote root login
echo “Disallowing remote root login”
mysql -u root -p$rootpass -e “DELETE FROM mysql.user WHERE User=’root’ AND Host NOT IN (‘localhost’, ‘127.0.0.1’, ‘::1’)”

# Delete the test database
echo “Deleting the test database”
mysql -u root -p$rootpass -e “DROP DATABASE test”

# Reload privileges
echo “Reloading privileges”
mysql -u root -p$rootpass -e “FLUSH PRIVILEGES”

echo “MySQL secure installation complete”

Introduction

MySQL is an open-source relational database management system and part of the popular LAMP stack. The mysql_secure_installation script allows you to significantly improve MySQL server security.

In this guide, you will learn to secure a MySQL server.

Note: MariaDB is a popular fork of MySQL. The information provided in this article applies to MariaDB as well.

Securing a MySQL server using the mysql_secure_installation script.

Prerequisites

Note: Deploy a MySQL database instance on one of our pre-configured Bare Metal Cloud instances for superior performance, starting at only $0.10/h.

mysql_secure_installation Command

After installation, the MySQL server instance on your machine is insecure and susceptible to attacks. mysql_secure_installation is a shell script developed for securing the MySQL server installation on Unix systems. The script configures security settings and allows you to:

The [option] arguments are optional and discussed in the following section.

1. Execute the mysql_secure_installation script using the following syntax:

sudo mysql_secure_installation [option]

2. Type your password and press Y to set up the VALIDATE PASSWORD component which checks whether the new password is strong enough.

3. Next, enter 01, or 2 depending on the password strength you want to set :

  • 0 – Low. The password consists of at least 8 characters.
  • 1 – Medium. The password consists of at least 8 characters (including numeric, mixed case, and special characters).
  • 2 – Strong. The password consists of at least 8 characters (including numeric, mixed case, and special characters, and compares the password to a dictionary file).

4. Once you specify the required strength, enter and re-enter the password.

Secure MySQL on Ubuntu.

5. The program evaluates the strength of your password and requires confirmation with Y to continue.

MySQL estimating the password strength.

6. Next you need to answer the following security features:

  • Remove anonymous users?
  • Disallow root login remotely?
  • Remove test database and access to it?
  • Reload privilege tables now?

To run the script with the default setting, the recommended answer to all these questions is Y.

mysql_secure_installation Options

The mysql_secure_installation script accepts certain options that customize MySQL security configurations. Specify the options in the command line or in the [client] group of the option file.

Note: MySQL can read startup options from option files (also called configuration files). To check whether the program reads option files, use the mysql --help command. If the program reads option files, the output indicates the name of the files and which option groups it recognizes. Open the file and add the wanted options to the [client] group. It will be read by all MySQL clients, and the options specified will apply to all clients.

The most commonly used mysql_secure_installation options are --host and --port.

For example, you can configure MySQL to permit IPv6 connections by clients that connect to the local server using port 3307. To do so, you need to add the ::1 local host address and change the default port (3306) to 3307.

Therefore, when running the installation script, you would use the command:

mysql_secure_installation --host=::1 --port=3307

Other supported options include:

--basedir=dir Specify the base directory.
--print-defaults Print the program argument list and exit.
--no-defaults Prevents the script from reading the default options from any option file.
--defaults-file=# Instructs the script to read only the specified option file #.
--defaults-extra-file=# Reads the specified file # after reading the usual option files.
--defaults-group-suffix=str Reads the usual option groups, but also groups with the usual names and a str suffix.
--help Displays a help message and exits.
--host=host_name Connects to the MySQL server on the specified host.
--no-defaults Prevents script from reading option files (except .mylogin.cnf file).
--password The script accepts this option but always ignores it. Hence, the script prompts for a password whenever invoked.
--port=# Specify the TCP/IP port number to connect to.
--print-defaults Prints the program name and the default options.
--protocol={#} Specify a transport protocol to use for connecting to the server {TCP | SOCKET | PIPE | MEMORY}.
--socket=path Specify the Unix socket file or Windows named_pipe variable to connect to localhost.
--ssl=[1 | 0] Enables or disables connection encryption, respectively. The options beginning with --ssl can also indicate the path to SSL keys and certificates.
--ssl-ca=filename Specify the file containing the trusted SSL Certificate Authorities list.
--ssl-capath=dir Specify the directory path containing trusted SSL Certificate Authority certificate files.
--ssl-cert=filename The path to the file containing the client SSL public key certificate.
--ssl-cipher=list A list of permissible ciphers for connection encryption.
--ssl-crl=filename The path to the file containing certificate revocation lists.
--ssl-crlpath=dir The directory containing certificate revocation list files.
--ssl-key=filename The path to the file containing the client SSL private key certificate.
--ssl-mode=mode Specify one of the server connection security states, in order of increasing strictness: [DISABLED | PREFERRED | REQUIRED | VERIFY_CA | VERIFY_IDENTITY].
--ssl-verify-server-cert Instruct the client to verify host name identity against the server certificate containing the Common Name identity.
--tls-version=list Specify a comma-separated list of permissible TLS protocols for encrypted connections.
--use-default The script executes without interaction.
--user=username Specify the MySQL account user name for connecting to the server.

Conclusion

This guide showed how to improve MySQL server security in Linux. After securing MySQL, we recommend improving MySQL performance to ensure a smooth server operation.

Continue learning about MySQL in our article on important MySQL commands that includes a downloadable cheat sheet.

Securing Your MySQL Installation with the mysql_secure_installation Script

MySQL is one of the most popular open source databases in the world. It is used by millions of websites and applications to store and manage data. As with any software, it is important to keep your MySQL installation secure. The mysql_secure_installation script is a simple tool that can help you do just that.

What Does the mysql_secure_installation Script Do?

The mysql_secure_installation script is a command-line utility that helps you secure your MySQL installation. It performs several tasks, including:

  • Removing anonymous users
  • Disabling remote root logins
  • Removing test databases
  • Reloading privilege tables

By running the mysql_secure_installation script, you can ensure that your MySQL installation is secure and up-to-date.

How to Run the mysql_secure_installation Script

The mysql_secure_installation script is included with the MySQL server package. To run it, open a terminal window and type the following command:

$ mysql_secure_installation

You will be prompted to enter a password for the MySQL root user. Enter the password and press Enter. The script will then run and perform the tasks listed above.

Conclusion

The mysql_secure_installation script is a simple and effective way to secure your MySQL installation. By running it, you can ensure that your MySQL installation is up-to-date and secure.

Jaspreet Singh Ghuman

Jaspreet Singh Ghuman

Jassweb.com/

Passionate Professional Blogger, Freelancer, WordPress Enthusiast, Digital Marketer, Web Developer, Server Operator, Networking Expert. Empowering online presence with diverse skills.

jassweb logo

Jassweb always keeps its services up-to-date with the latest trends in the market, providing its customers all over the world with high-end and easily extensible internet, intranet, and extranet products.

Contact
San Vito Al Tagliamento 33078
Pordenone Italy
Item added to cart.
0 items - 0.00
Open chat
Scan the code
Hello 👋
Can we help you?