« back to all changes in this revision
Viewing changes to scripts/mysql_secure_installation.sh
- browse files at revision 28.1.31
- compare with another revision
- download diff
- download tarball
- view history from revision 28.1.31
- Committer: Monty Taylor
- Date: 2008-07-02 06:53:53 UTC
- mto: (28.2.1 packaging) (77.1.30 codestyle)
- mto: This revision was merged to the branch mainline in revision 51.
- Revision ID: monty@inaugust.com-20080702065353-2cc96bu1gpdrbkks
Deleted tons of pointless garbage from scripts.
- files removed:
- scripts/comp_sql.c
- files modified:
- Makefile.am
added
removed
scripts/mysql_secure_installation.sh
1
#!/bin/sh
2
3
# Copyright (C) 2002 MySQL AB and Jeremy Cole
4
#
5
# This program is free software; you can redistribute it and/or modify
6
# it under the terms of the GNU General Public License as published by
7
# the Free Software Foundation; version 2 of the License.
8
#
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
13
#
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
18
config=".my.cnf.$$"
19
command=".mysql.$$"
20
21
trap "interrupt" 2
22
23
rootpass=""
24
echo_n=
25
echo_c=
26
27
set_echo_compat() {
28
case `echo "testing\c"`,`echo -n testing` in
29
*c*,-n*) echo_n= echo_c= ;;
30
*c*,*) echo_n=-n echo_c= ;;
31
*) echo_n= echo_c='\c' ;;
32
esac
33
}
34
35
prepare() {
36
touch $config $command
37
chmod 600 $config $command
38
}
39
40
do_query() {
41
echo $1 >$command
42
mysql --defaults-file=$config <$command
43
return $?
44
}
45
46
make_config() {
47
echo "# mysql_secure_installation config file" >$config
48
echo "[mysql]" >>$config
49
echo "user=root" >>$config
50
echo "password=$rootpass" >>$config
51
}
52
53
get_root_password() {
54
status=1
55
while [ $status -eq 1 ]; do
56
stty -echo
57
echo $echo_n "Enter current password for root (enter for none): $echo_c"
58
read password
59
echo
60
stty echo
61
if [ "x$password" = "x" ]; then
62
hadpass=0
63
else
64
hadpass=1
65
fi
66
rootpass=$password
67
make_config
68
do_query ""
69
status=$?
70
done
71
echo "OK, successfully used password, moving on..."
72
echo
73
}
74
75
set_root_password() {
76
stty -echo
77
echo $echo_n "New password: $echo_c"
78
read password1
79
echo
80
echo $echo_n "Re-enter new password: $echo_c"
81
read password2
82
echo
83
stty echo
84
85
if [ "$password1" != "$password2" ]; then
86
echo "Sorry, passwords do not match."
87
echo
88
return 1
89
fi
90
91
if [ "$password1" = "" ]; then
92
echo "Sorry, you can't use an empty password here."
93
echo
94
return 1
95
fi
96
97
do_query "UPDATE mysql.user SET Password=PASSWORD('$password1') WHERE User='root';"
98
if [ $? -eq 0 ]; then
99
echo "Password updated successfully!"
100
echo "Reloading privilege tables.."
101
if ! reload_privilege_tables; then
102
exit 1
103
fi
104
echo
105
rootpass=$password1
106
make_config
107
else
108
echo "Password update failed!"
109
exit 1
110
fi
111
112
return 0
113
}
114
115
remove_anonymous_users() {
116
do_query "DELETE FROM mysql.user WHERE User='';"
117
if [ $? -eq 0 ]; then
118
echo " ... Success!"
119
else
120
echo " ... Failed!"
121
exit 1
122
fi
123
124
return 0
125
}
126
127
remove_remote_root() {
128
do_query "DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';"
129
if [ $? -eq 0 ]; then
130
echo " ... Success!"
131
else
132
echo " ... Failed!"
133
fi
134
}
135
136
remove_test_database() {
137
echo " - Dropping test database..."
138
do_query "DROP DATABASE test;"
139
if [ $? -eq 0 ]; then
140
echo " ... Success!"
141
else
142
echo " ... Failed! Not critical, keep moving..."
143
fi
144
145
echo " - Removing privileges on test database..."
146
do_query "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
147
if [ $? -eq 0 ]; then
148
echo " ... Success!"
149
else
150
echo " ... Failed! Not critical, keep moving..."
151
fi
152
153
return 0
154
}
155
156
reload_privilege_tables() {
157
do_query "FLUSH PRIVILEGES;"
158
if [ $? -eq 0 ]; then
159
echo " ... Success!"
160
return 0
161
else
162
echo " ... Failed!"
163
return 1
164
fi
165
}
166
167
interrupt() {
168
echo
169
echo "Aborting!"
170
echo
171
cleanup
172
stty echo
173
exit 1
174
}
175
176
cleanup() {
177
echo "Cleaning up..."
178
rm -f $config $command
179
}
180
181
182
# The actual script starts here
183
184
prepare
185
set_echo_compat
186
187
echo
188
echo
189
echo
190
echo
191
echo "NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL"
192
echo " SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!"
193
echo
194
echo
195
196
echo "In order to log into MySQL to secure it, we'll need the current"
197
echo "password for the root user. If you've just installed MySQL, and"
198
echo "you haven't set the root password yet, the password will be blank,"
199
echo "so you should just press enter here."
200
echo
201
202
get_root_password
203
204
205
#
206
# Set the root password
207
#
208
209
echo "Setting the root password ensures that nobody can log into the MySQL"
210
echo "root user without the proper authorisation."
211
echo
212
213
if [ $hadpass -eq 0 ]; then
214
echo $echo_n "Set root password? [Y/n] $echo_c"
215
else
216
echo "You already have a root password set, so you can safely answer 'n'."
217
echo
218
echo $echo_n "Change the root password? [Y/n] $echo_c"
219
fi
220
221
read reply
222
if [ "$reply" = "n" ]; then
223
echo " ... skipping."
224
else
225
status=1
226
while [ $status -eq 1 ]; do
227
set_root_password
228
status=$?
229
done
230
fi
231
echo
232
233
234
#
235
# Remove anonymous users
236
#
237
238
echo "By default, a MySQL installation has an anonymous user, allowing anyone"
239
echo "to log into MySQL without having to have a user account created for"
240
echo "them. This is intended only for testing, and to make the installation"
241
echo "go a bit smoother. You should remove them before moving into a"
242
echo "production environment."
243
echo
244
245
echo $echo_n "Remove anonymous users? [Y/n] $echo_c"
246
247
read reply
248
if [ "$reply" = "n" ]; then
249
echo " ... skipping."
250
else
251
remove_anonymous_users
252
fi
253
echo
254
255
256
#
257
# Disallow remote root login
258
#
259
260
echo "Normally, root should only be allowed to connect from 'localhost'. This"
261
echo "ensures that someone cannot guess at the root password from the network."
262
echo
263
264
echo $echo_n "Disallow root login remotely? [Y/n] $echo_c"
265
read reply
266
if [ "$reply" = "n" ]; then
267
echo " ... skipping."
268
else
269
remove_remote_root
270
fi
271
echo
272
273
274
#
275
# Remove test database
276
#
277
278
echo "By default, MySQL comes with a database named 'test' that anyone can"
279
echo "access. This is also intended only for testing, and should be removed"
280
echo "before moving into a production environment."
281
echo
282
283
echo $echo_n "Remove test database and access to it? [Y/n] $echo_c"
284
read reply
285
if [ "$reply" = "n" ]; then
286
echo " ... skipping."
287
else
288
remove_test_database
289
fi
290
echo
291
292
293
#
294
# Reload privilege tables
295
#
296
297
echo "Reloading the privilege tables will ensure that all changes made so far"
298
echo "will take effect immediately."
299
echo
300
301
echo $echo_n "Reload privilege tables now? [Y/n] $echo_c"
302
read reply
303
if [ "$reply" = "n" ]; then
304
echo " ... skipping."
305
else
306
reload_privilege_tables
307
fi
308
echo
309
310
cleanup
311
312
echo
313
echo
314
echo
315
echo "All done! If you've completed all of the above steps, your MySQL"
316
echo "installation should now be secure."
317
echo
318
echo "Thanks for using MySQL!"
319
echo
320
echo
321
322
Loggerhead is a web-based interface for Breezy
Version: 2.0.1