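#!/usr/bin/env bash
# Author        : Allan Christensen
# First Created : 05012022 (DD-MM-YYYY)
# Description   : Installs MariaDB with socket auth on Ubuntu 24.04
# License       : MIT License (see LICENSE file for details)
#
# Flow: root check -> refuse to run if mariadb is already active -> parse
# -u/-p/-h -> validate username and password -> install packages -> enable
# the error log -> run hardening SQL -> create the admin user and store the
# credentials (that last part is damaged on this page, see the note below).
#
# Security notes for operators:
#   - The admin password is passed on the command line, so it is visible in
#     the process list while the script runs and usually lands in shell
#     history. Rotate it after installation if either is a concern.
#   - The password is also printed in the final summary; avoid running this
#     under session recording or in a shared terminal.

#
# Are we root
#
if [[ $(id -u) -ne 0 ]]; then
  printf '\nMust be root or use sudo\n\n'
  exit 1
fi

#
# Define variables
#
mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"

#######################################
# Print the "already running" message for the service being checked.
# Globals:   service (read)
# Outputs:   message on stdout
#######################################
serviceyes() {
  printf "\n%s" "$service"
  printf " is already running cannot continue...\n\n"
}

#######################################
# Exit with status 1 when systemd reports the service as active.
# Globals:   service (read)
# Outputs:   message on stdout when the service is active
#######################################
servicealive() {
  local status
  # is-active exits non-zero for inactive/unknown units; only the printed
  # state is compared, so that exit status is deliberately not checked.
  status=$(systemctl is-active "$service")
  if [[ "$status" == "active" ]]; then
    serviceyes
    exit 1
  fi
}

#######################################
# Print the help screen.
# Outputs:   usage text on stdout
#######################################
usage() {
  printf -- "\nmariadbinstall\n\n"
  printf -- "Installs and configures MariaDB on Ubuntu 24.04\n"
  printf -- "Note: Must be run as root or using sudo\n\n"
  printf -- "Usage:\n"
  # NOTE(review): the argument placeholders after -u and -p look like they
  # were stripped from this copy of the script; text kept as found.
  printf -- " sudo ./mariadbinstall -u -p \n"
  printf -- " sudo ./mariadbinstall -h (help screen)\n\n"
  printf -- "Example:\n"
  printf -- " sudo ./mariadbinstall -u adminuser -p strongpass\n\n"
}

#
# If MariaDB is already running then die
#
service="mariadb"
servicealive

#
# Let's go
#
clear

#
# Check if no arguments were given or if -u or -p is missing or malformed
#
if [[ $# -eq 0 ]]; then
  usage
  printf "ERROR: -u and -p REQUIRED!\n\n"
  exit 1
fi

#
# Parse arguments
#
while [[ $# -gt 0 ]]; do
  case "$1" in
    -u)
      shift
      # ${1:-} keeps the emptiness test well-defined when -u is the last word.
      if [[ -z "${1:-}" ]]; then
        usage
        printf "ERROR: USERNAME CANNOT BE EMPTY!\n\n"
        exit 1
      fi
      adminuser="$1"
      shift
      ;;
    -p)
      shift
      if [[ -z "${1:-}" ]]; then
        usage
        printf "ERROR: PASSWORD CANNOT BE EMPTY!\n\n"
        exit 1
      fi
      adminpwd="$1"
      shift
      ;;
    -h)
      usage
      exit 0
      ;;
    *)
      usage
      printf "\nType: sudo %s -h for help\n\n" "$0"
      exit 1
      ;;
  esac
done

#
# Final sanity check
#
if [[ -z "${adminuser:-}" || -z "${adminpwd:-}" ]]; then
  usage
  printf "\nERROR: Both -u and -p arguments are mandatory!\n\n"
  exit 1
fi

#
# Username: only allow a-zA-Z0-9_.-
# The whitelist keeps quote and SQL metacharacters out of the account name.
#
if [[ ! "$adminuser" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
  printf "\nERROR: Username contains invalid characters.\n"
  printf "Allowed characters: letters, digits, dot (.), underscore (_), and dash (-)\n\n"
  exit 1
fi

#
# Password: disallow spaces and backslashes
# NOTE(review): this is a blacklist, and quote characters are still accepted.
# The statement that consumes the password is not visible on this page; if it
# interpolates the value into a quoted SQL literal, a quote in the password
# would end that literal early. Confirm, and reject or escape quotes there.
#
if [[ "$adminpwd" =~ [[:space:]] ]]; then
  printf "\nERROR: Password cannot contain spaces.\n\n"
  exit 1
fi
if [[ "$adminpwd" =~ [\\] ]]; then
  printf "\nERROR: Password cannot contain backslashes (\\).\n\n"
  exit 1
fi

#
# Install MariaDB
# apt-get is used because its command-line interface is stable for scripts.
# A failed install stops the run so the later steps cannot report success on
# a host with no server.
#
if ! apt-get install -y mariadb-server mariadb-client; then
  printf '\nERROR: MariaDB package installation failed.\n\n' >&2
  exit 1
fi

#
# Setting up error log; comment this out if you don't need the error log
# (strips the leading '#' from the shipped log_error line)
#
sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' "$mariaconfig" \
  || printf 'WARNING: could not enable the error log in %s\n' "$mariaconfig" >&2

#
# Apply MariaDB hardening (non-interactive, safe for socket auth)
# stderr is discarded and --force continues past SQL errors, so the client's
# exit status is the only failure signal left; surface it as a warning.
#
mysql --force 2>/dev/null <<'EOF' || printf 'WARNING: hardening SQL did not complete cleanly; verify accounts manually.\n' >&2
-- Remove anonymous users
DELETE FROM mysql.global_priv WHERE User='';
-- Remove remote root access
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
-- Drop test database
DROP DATABASE IF EXISTS test;
-- Remove test DB privileges
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
-- Apply changes
FLUSH PRIVILEGES;
EOF

#
# Create admin user; root remains socket-authenticated by default
#
# NOTE(review): this copy of the script has lost text at this point. The SQL
# that creates the admin user, the assignment of secretfile and the command
# that writes the credentials file are all missing, leaving only the fragment
# below. It is kept exactly as found; restore it from the original script
# before use. When restoring the write, create the file with a restrictive
# umask (for example 'umask 077' in a subshell) so there is no window before
# the chmod in which the credentials are readable by other users.
#
mysql --force 2>/dev/null < "$secretfile"
chmod 400 "$secretfile"

#
# All done
# The summary repeats the password on the terminal; the same value is meant
# to be in the credentials file named below.
#
printf "\nAll Done...\n\n"
printf -- "--------------------------------------------\n"
printf " Admin User : %s\n" "$adminuser"
printf " Admin Pass : %s\n" "$adminpwd"
printf -- "--------------------------------------------\n\n"
printf "Credentials have been saved to: %s\n" "$secretfile"
printf "Make sure to DELETE this once you are ready!\n\n"

#
# End of script
#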