initial commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,66 @@
+# MariaDB for Ubuntu 24.04 Server
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![DB](https://img.shields.io/badge/server-mariadb-003545)](#)
+[![Auth](https://img.shields.io/badge/auth-socket-blue)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Automated Bash installer script for deploying MariaDB on Ubuntu 24.04 Server using **socket authentication** for the root account and creating a dedicated **local-only admin user** supplied at runtime.
+
+This is a **production-focused installer**, not a demo.
+
+---
+
+### Preparing
+Update your package index before running the installer:
+
+```
+sudo apt update -y
+```
+
+### Download the Script
+Clone the repository from your Git server:
+```
+git clone https://git.x-files.dk/database-server/mariadb-ubuntu.git
+```
+
+```
+cd mariadb-ubuntu
+```
+
+### Usage
+Run the script with your chosen admin username and password:
+```
+sudo ./mariadbinstall -u <adminuser> -p <password>
+```
+
+### Example
+```bash
+sudo ./mariadbinstall -u mydbuser -p "StrongPassword123"
+```
+
+> **IMPORTANT**
+> Always enclose the password in quotes if it contains special characters such as `$`, `!`, or `&`.
+
+---
+
+### Notes
+- No `mysql_secure_installation` needed — this scipt is performing the equivalent hardening.  
+- The created admin user is **restricted to localhost only** for security.  
+- Root remains socket-authenticated by default.  
+
+> **On a side note**  
+> I know that on modern Ubuntu systems `mysql_secure_installation` isn’t strictly necessary anymore — but a bit of paranoia helps me sleep at night. That’s why the script still runs through the whole `mysql_secure_installation` ritual. It’s not that it’s required — I just don’t want anyone blaming me because it *wasn’t* done. 
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).
+
+---

last-tested

@@ -0,0 +1,4 @@
+------------------------------------
+Last tested: 15-10-2025 (DD-MM-YYYY)
+Environment: Ubuntu Server 24.04 LTS
+------------------------------------

mariadbinstall

@@ -0,0 +1,178 @@
+#!/usr/bin/env bash
+
+# Author        : Allan Christensen
+# First Created : 05012022 (DD-MM-YYYY)
+# Description   : Installs MariaDB with socket auth on Ubuntu 24.04
+# License       : MIT License (see LICENSE file for details)
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1 ; fi
+
+#
+# Define variables
+#
+mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
+
+#
+# Function to check if a service is already running or not
+#
+serviceyes () { printf "\n%s" $service ; printf " is already running cannot continue...\n\n"; }
+servicealive () { status=$(systemctl is-active $service); if [[ "$status" == "active" ]]; then serviceyes ; exit 1; fi; }
+
+#
+# Function usage
+#
+usage () {
+printf -- "\nmariadbinstall\n\n"
+printf -- "Installs and configures MariaDB on Ubuntu 24.04\n"
+printf -- "Note: Must be run as root or using sudo\n\n"
+printf -- "Usage:\n"
+printf -- "  sudo ./mariadbinstall -u <adminuser> -p <password>\n"
+printf -- "  sudo ./mariadbinstall -h   (help screen)\n\n"
+printf -- "Example:\n"
+printf -- "  sudo ./mariadbinstall -u adminuser -p strongpass\n\n"
+}
+
+#
+# If MariaDB is already running then die
+#
+service="mariadb" ; servicealive
+
+#
+# Let's go
+#
+clear
+
+#
+# Check if no arguments were given or if -u og -p is missing or malformed
+#
+if [[ $# -eq 0 ]]; then usage ; printf "ERROR: -u and -p REQUIRED!\n\n" ; exit 1 ; fi   
+
+#
+# Parse arguments
+#
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        -u)
+            shift
+            if [[ -z "$1" ]]; then
+                usage
+                printf "ERROR: USERNAME CANNOT BE EMPTY!\n\n"
+                exit 1
+            fi
+            adminuser="$1"
+            shift
+            ;;
+        -p)
+            shift
+            if [[ -z "$1" ]]; then
+                usage
+                printf "ERROR: PASSWORD CANNOT BE EMPTY!\n\n"
+                exit 1
+            fi
+            adminpwd="$1"
+            shift
+            ;;
+        -h)
+            usage
+            exit 0
+            ;;
+        *)
+            usage
+            printf "\nType: sudo %s -h for help\n\n" "$0"
+            exit 1
+            ;;
+    esac
+done
+
+#
+# Final sanity check
+#
+if [[ -z "$adminuser" || -z "$adminpwd" ]]; then usage ; printf "\nERROR: Both -u and -p arguments are mandatory!\n\n" ; exit 1 ; fi
+
+#
+# Username: only allow a-zA-Z0-9_.-
+#
+if [[ ! "$adminuser" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
+    printf "\nERROR: Username contains invalid characters.\n"
+    printf "Allowed characters: letters, digits, dot (.), underscore (_), and dash (-)\n\n"
+    exit 1
+fi
+
+#
+# Password: disallow spaces and backslashes, warn about weak passwords
+#
+if [[ "$adminpwd" =~ [[:space:]] ]]; then
+    printf "\nERROR: Password cannot contain spaces.\n\n"
+    exit 1
+fi
+if [[ "$adminpwd" =~ [\\] ]]; then
+    printf "\nERROR: Password cannot contain backslashes (\\).\n\n"
+    exit 1
+fi
+
+#
+# Install MariaDB
+#
+apt install -y mariadb-server mariadb-client
+
+#
+# Setting up error log comment this out if you don't need error log
+#
+sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' "$mariaconfig"
+
+#
+# Apply MariaDB hardening (non-interactive, safe for socket auth)
+#
+mysql --force 2>/dev/null <<'EOF'
+-- Remove anonymous users
+DELETE FROM mysql.global_priv WHERE User='';
+
+-- Remove remote root access
+DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
+
+-- Drop test database
+DROP DATABASE IF EXISTS test;
+
+-- Remove test DB privileges
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
+
+-- Apply changes
+FLUSH PRIVILEGES;
+EOF
+
+#
+# Create admin user root remains socket-authenticated by default 
+#
+mysql --force 2>/dev/null <<EOF
+CREATE USER IF NOT EXISTS '${adminuser}'@'localhost' IDENTIFIED BY '${adminpwd}';
+GRANT ALL PRIVILEGES ON *.* TO '${adminuser}'@'localhost' WITH GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+#
+# Restart MariaDB
+#
+systemctl restart mariadb
+
+#
+# Save credentials root only
+#
+secretfile="/root/MARIADBSECRET" ; printf "Admin User : %s\nAdmin Pass : %s\n" "$adminuser" "$adminpwd" > "$secretfile" ; chmod 400 "$secretfile"
+
+#
+# All done
+#
+printf "\nAll Done...\n\n"
+printf -- "--------------------------------------------\n"
+printf " Admin User  : %s\n" "$adminuser"
+printf " Admin Pass  : %s\n" "$adminpwd"
+printf -- "--------------------------------------------\n\n"
+printf "Credentials have been saved to: %s\n" "$secretfile"
+printf "Make sure to DELETE this once you are ready!\n\n"
+
+#
+# End of script
+#