Skip to content

Instantly share code, notes, and snippets.

@saxenap

saxenap/mysql_secure_installation.sh

Forked from naillizard/mySQLSecure.sh
Last active January 15, 2018 20:44
Show Gist options
  • Save saxenap/b84d67f63a5fc315c5895648438fd2d0 to your computer and use it in GitHub Desktop.
Save saxenap/b84d67f63a5fc315c5895648438fd2d0 to your computer and use it in GitHub Desktop.
Download ZIP
Automate mysql secure installation for Red Hat Enterprise Linux (RHEL) compatible distributions
Raw
mysql_secure_installation.sh
#!/bin/bash
#
# Copyright (c) 2014-2017 Praveen Saxena <>
# License: BSD-3-Clause
#
# To get:
# rm -rf mysql_secure_installation && wget -O mysql_secure_installation https://gist.githubusercontent.com/saxenap/b84d67f63a5fc315c5895648438fd2d0/raw && chmod 777 mysql_secure_installation && ./mysql_secure_installation
#
# Automate mysql secure installation for Red Hat Enterprise Linux (RHEL) compatible distributions
#
# - Change a password for root accounts (CLI option)
# - Remove root account access from hosts other than localhost. (default behavior)
# - Remove anonymous-user accounts. (default behavior)
# - Remove the test database and privileges that permit anyone to
# access databases with names that start with test_. (default behavior)
#
# For details see documentation: http://dev.mysql.com/doc/refman/5.5/en/mysql-secure-installation.html
#
# @version 2016.03.08 16:00 -05:00
# Forked from @coderua (https://goo.gl/Z2ym5S)
#
# Tested on:
# MySQL Community Edition, v 5.5.46
#
# Usage:
# Secure mysql without changing root password:
# ./mySQLSecure.sh 'current_root_password'
# Secure mysql while changing root password:
# ./mySQLSecure.sh 'current_root_password' 'new_root_password'
#
# Delete package EXPECT when script is done
# 0 - No;
# 1 - Yes.
REMOVE_EXPECT_WHEN_DONE=0
#
# Check the bash shell script is being run by root
#
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
#
# Check input params
#
if [ -n "${1}" -a -z "${2}" ]; then
# Setup root password
CURRENT_MYSQL_PASSWORD="${1}"
NEW_MYSQL_PASSWORD=''
elif [ -n "${1}" -a -n "${2}" ]; then
# Change existing root password
CURRENT_MYSQL_PASSWORD="${1}"
NEW_MYSQL_PASSWORD="${2}"
else
echo "Usage:"
echo " Secure mysql without changing root password:"
echo " ${0} 'current_root_password'"
echo " Secure mysql while changing root password:"
echo " ${0} 'current_root_password' 'new_root_password'"
exit 1
fi
#
# Check if EXPECT package installed
#
if [ $(yum list installed | grep -c expect) -eq 0 ]; then
echo "EXPECT was not found. Installing from YUM repository..."
yum -y install expect
fi
SECURE_MYSQL=$(expect -c "
set timeout 3
spawn mysql_secure_installation
expect {
\"Enter current password for root (enter for none):\" {
send -- $CURRENT_MYSQL_PASSWORD\r
exp_continue
}
\"Set root password? [Y/n]\" {
send \"y\r\"
exp_continue
}
\"New password:\" {
send -- $NEW_MYSQL_PASSWORD\r
exp_continue
}
\"Re-enter new password:\" {
send -- $NEW_MYSQL_PASSWORD\r
exp_continue
}
\"Remove anonymous users? [Y/n]\" {
send \"y\r\"
exp_continue
}
\"Disallow root login remotely? [Y/n]\" {
send \"y\r\"
exp_continue
}
\"Remove test database and access to it? [Y/n]\" {
send \"y\r\"
exp_continue
}
\"Reload privilege tables now? [Y/n]\" {
send \"y\r\"
exp_continue
}
}
")
#
# Execution mysql_secure_installation
#
echo "${SECURE_MYSQL}"
if [ "${REMOVE_EXPECT_WHEN_DONE}" -eq 1 ]; then
# Uninstall EXPECT package
yum -y remove expect
fi
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment