commit b6240f399f2fe8f95d22927d3a48a9ec5b4689ea parent abfb5661e8c375179ea8d56a2078ff1a61ce9436 Author: Andreas Gruhler <andreas.gruhler@adfinis.com> Date: Sat, 12 Oct 2024 10:33:50 +0200 feat(mariadb-lxc): improve secure install Diffstat:
M | scripts/mariadb.sh | | | 32 | ++++++++++++++++++++------------ |
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/scripts/mariadb.sh b/scripts/mariadb.sh
@@ -8,18 +8,26 @@ set -o xtrace
 apt-get install -y mariadb-server mariadb-backup
 # MySql cecure install
-
-# remove anonymous user
-mysql -e "DELETE FROM mysql.user WHERE User='';"
-
-# disallow remote access
-mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
-
-# drop test database
-mysql -e "DROP DATABASE IF EXISTS test;"
-
-# set root password and reload privileges
-mysql -e "UPDATE mysql.user SET Password=PASSWORD('$MYSQL_ROOT_PASSWORD') WHERE User='root'; FLUSH PRIVILEGES;"
+# https://github.com/MariaDB/server/blob/main/scripts/mysql_secure_installation.sh
+#
+# Enter current password for root (enter for none)
+# Switch to unix_socket authentication (y)
+# New root password (twice)
+# Remove anonymous users? (y)
+# Disallow root login remotely? (y)
+# Remove test database and access to it? (y)
+# Reload privilege tables now? (y)
+
+mariadb-secure-installation <<EOF
+
+y
+$MYSQL_ROOT_PASSWORD
+$MYSQL_ROOT_PASSWORD
+y
+y
+y
+y
+EOF
 # configure .my.cnf for root
 cat << EOF > /root/.my.cnf
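Review bot: The answers in the `mariadb-secure-installation <<EOF` heredoc are matched to prompts purely by position, and the prompt list in the new comment has no entry for the yes/no confirmation ("Set root password?" / "Change the root password?") that the upstream script, as far as I know, asks before it reads the new password. If the installed version asks it, every later answer shifts by one line: the two password lines are consumed as invalid yes/no replies and a literal `y` can end up being set as the root password. Check the sequence against the packaged script and, if the confirmation is there, add a `y` line (plus a `# Change the root password? (y)` entry in the comment) before the two `$MYSQL_ROOT_PASSWORD` lines. Because the script reads its answers line by line, an empty or multi-line `MYSQL_ROOT_PASSWORD` would desynchronise the answers in the same way, so a guard such as `: "${MYSQL_ROOT_PASSWORD:?}"` before the call is worth adding.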