Skip to content

Instantly share code, notes, and snippets.

@crisp2u
Forked from coderua/mysql_secure.sh
Last active February 26, 2018 04:22
Show Gist options
  • Save crisp2u/7e1c87287e6a3614f8d656a47c8113c5 to your computer and use it in GitHub Desktop.
Save crisp2u/7e1c87287e6a3614f8d656a47c8113c5 to your computer and use it in GitHub Desktop.
#!/bin/bash
#
# Automate mysql secure installation for debian-baed systems
#
# - You can set a password for root accounts.
# - You can remove root accounts that are accessible from outside the local host.
# - You can remove anonymous-user accounts.
# - You can remove the test database (which by default can be accessed by all users, even anonymous users),
# and privileges that permit anyone to access databases with names that start with test_.
# For details see documentation: http://dev.mysql.com/doc/refman/5.7/en/mysql-secure-installation.html
#
# @version 13.08.2014 00:39 +03:00
# Tested on CentOS 7.2
#
# Usage:
# Setup mysql root password: ./mysql_secure.sh 'your_new_root_password'
# Change mysql root password: ./mysql_secure.sh 'your_old_root_password' 'your_new_root_password'"
#
# Delete package expect when script is done
# 0 - No;
# 1 - Yes.
PURGE_EXPECT_WHEN_DONE=1
function isinstalled {
if yum list installed "$@" >/dev/null 2>&1; then
true
else
false
fi
}
#
# Check the bash shell script is being run by root
#
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
#
# Check input params
#
if [ -n "${1}" -a -z "${2}" ]; then
# Setup root password
CURRENT_MYSQL_PASSWORD=''
NEW_MYSQL_PASSWORD="${1}"
elif [ -n "${1}" -a -n "${2}" ]; then
# Change existens root password
CURRENT_MYSQL_PASSWORD="${1}"
NEW_MYSQL_PASSWORD="${2}"
else
echo "Usage:"
echo " Setup mysql root password: ${0} 'your_new_root_password'"
echo " Change mysql root password: ${0} 'your_old_root_password' 'your_new_root_password'"
exit 1
fi
#
# Check is expect package installed
#
if isinstalled expect; then
echo "Can't find expect. Trying install it..."
yum -y install expect
fi
SECURE_MYSQL=$(expect -c "
set timeout 3
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"$CURRENT_MYSQL_PASSWORD\r\"
expect \"root password?\"
send \"y\r\"
expect \"New password:\"
send \"$NEW_MYSQL_PASSWORD\r\"
expect \"Re-enter new password:\"
send \"$NEW_MYSQL_PASSWORD\r\"
expect \"Remove anonymous users?\"
send \"y\r\"
expect \"Disallow root login remotely?\"
send \"y\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
#
# Execution mysql_secure_installation
#
echo "${SECURE_MYSQL}"
if [ "${PURGE_EXPECT_WHEN_DONE}" -eq 1 ]; then
# Uninstalling expect package
yum -y erase expect
fi
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment