database/mariadb-ubuntu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

latest commit

Browse Source
This commit is contained in:
allan
2025-12-19 14:52:14 +01:00
commit 3f36f2abed
4 changed files with 292 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2025 Allan Christensen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

82
README.md Normal file
View File

@@ -0,0 +1,82 @@
# MariaDB for Ubuntu 24.04 Server
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![DB](https://img.shields.io/badge/server-mariadb-003545)](#)
[![Auth](https://img.shields.io/badge/auth-socket-blue)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
Install MariaDB on Ubuntu 24.04 server.
This is not a demo and not a quick experiment.
This is a production-ready installer with consistent security and repeatability.
## Why this installer exists
The default MariaDB setup is easy — securing it properly is where most installations fail.
## What this installer does
✔ Enables root socket authentication
✔ Blocks remote login by default
✔ Creates admin account automatically
✔ Mirrors mysql_secure_installation hardening
✔ Supports optional password mode
✔ Safe to re-run without data loss
## What this installer does *NOT* do
It wont stop you from running the script without reading the documentation like theres no tomorrow.
Skip the README, and whatever happens next is your headache, not a bug report.
## 1. Prepare the system
```
sudo apt update -y
```
## 2. Download the installer
```
git clone https://git.x-files.dk/database/mariadb-ubuntu.git
```
```
cd mariadb-ubuntu
```
## 3. Run the installer
```
sudo ./mariadbinstall -u <adminuser> -p <password>
```
Example:
```
sudo ./mariadbinstall -u mydbuser -p "StrongPassword123"
```
> **IMPORTANT**
> Wrap the password in quotes if it contains special symbols.
## Switch to password authentication (optional)
```
sudo mariadb
ALTER USER 'root'@'localhost' IDENTIFIED BY 'YourStrongPasswordHere';
FLUSH PRIVILEGES;
```
## Verification
```
mariadb -u <adminuser> -p -e "SELECT VERSION();"
```
### More Information
More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
---
### License
Licensed under the [MIT License](./LICENSE).
---

4
last-tested Normal file
View File

@@ -0,0 +1,4 @@
------------------------------------
Last tested: 19-12-2025 (DD-MM-YYYY)
Environment: Ubuntu Server 24.04 LTS
------------------------------------

185
mariadbinstall Executable file
View File

@@ -0,0 +1,185 @@
#!/usr/bin/env bash
# Author : Allan Christensen
# First Created : 05-01-2022 (DD-MM-YYYY)
# Description : Installs MariaDB with socket auth on Ubuntu 24.04
# License : MIT License
#
# Are we root
#
if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1 ; fi
#
# Check if services are already running
#
for svc in mariadb; do if systemctl is-active --quiet "$svc"; then printf "\n%s is already running, cannot continue...\n\n" "${svc^}" ; exit 1 ; fi ; done
#
# Define variables
#
mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
#
# Function usage
#
usage () {
printf -- "\nmariadbinstall\n\n"
printf -- "Installs and configures MariaDB on Ubuntu 24.04\n"
printf -- "Note: Must be run as root or using sudo\n\n"
printf -- "Usage:\n"
printf -- " sudo ./mariadbinstall -u <adminuser> -p <password>\n"
printf -- " sudo ./mariadbinstall -h (help screen)\n\n"
printf -- "Example:\n"
printf -- " sudo ./mariadbinstall -u adminuser -p strongpass\n\n"
}
#
# Let's go
#
clear
#
# Check if no arguments were given or if -u or -p is missing or malformed
#
if [[ $# -eq 0 ]]; then usage ; printf "ERROR: -u and -p REQUIRED!\n\n" ; exit 1 ; fi
#
# Parse arguments
#
while [[ $# -gt 0 ]]; do
case "$1" in
-u)
shift
if [[ -z "$1" ]]; then
usage
printf "ERROR: USERNAME CANNOT BE EMPTY!\n\n"
exit 1
fi
adminuser="$1"
shift
;;
-p)
shift
if [[ -z "$1" ]]; then
usage
printf "ERROR: PASSWORD CANNOT BE EMPTY!\n\n"
exit 1
fi
adminpwd="$1"
shift
;;
-h)
usage
exit 0
;;
*)
usage
printf "\nType: sudo %s -h for help\n\n" "$0"
exit 1
;;
esac
done
#
# Final sanity check
#
if [[ -z "$adminuser" || -z "$adminpwd" ]]; then usage ; printf "\nERROR: Both -u and -p arguments are mandatory!\n\n" ; exit 1 ; fi
#
# Prevent overriding root socket authentication
#
if [[ "$adminuser" == "root" ]]; then
printf "\nERROR: The root user already exists and uses socket authentication.\n"
printf "Do not assign a password to it — this would break socket login.\n"
printf "Use a different username (e.g., admin, dbadmin, or anything else).\n\n"
exit 1
fi
#
# Username should only allow a-zA-Z0-9_.-
#
if [[ ! "$adminuser" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
printf "\nERROR: Username contains invalid characters.\n"
printf "Allowed characters: letters, digits, dot (.), underscore (_), and dash (-)\n\n"
exit 1
fi
#
# Password disallow spaces and backslashes
#
if [[ "$adminpwd" =~ [[:space:]] ]]; then
printf "\nERROR: Password cannot contain spaces.\n\n"
exit 1
fi
if [[ "$adminpwd" =~ [\\] ]]; then
printf "\nERROR: Password cannot contain backslashes (\\).\n\n"
exit 1
fi
#
# Install MariaDB
#
apt install -y mariadb-server mariadb-client
#
# Setting up error log comment this out if you don't need error log
#
logdir="/var/log/mysql"
if [[ ! -d "$logdir" ]]; then mkdir -m 2750 "$logdir" ; chown mysql:mysql "$logdir" ; fi
sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' "$mariaconfig"
#
# Apply MariaDB hardening (non-interactive, safe for socket auth)
#
mysql --force 2>/dev/null <<'EOF'
-- Remove anonymous users
DELETE FROM mysql.global_priv WHERE User='';
-- Remove remote root access
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
-- Drop test database
DROP DATABASE IF EXISTS test;
-- Remove test DB privileges
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
-- Apply changes
FLUSH PRIVILEGES;
EOF
#
# Create admin user root remains socket-authenticated by default
#
mysql --force 2>/dev/null <<EOF
CREATE USER IF NOT EXISTS '${adminuser}'@'localhost' IDENTIFIED BY '${adminpwd}';
GRANT ALL PRIVILEGES ON *.* TO '${adminuser}'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
#
# Restart MariaDB
#
systemctl restart mariadb
#
# Save credentials root only
#
secretfile="/root/MARIADBSECRET" ; printf "Admin User : %s\nAdmin Pass : %s\n" "$adminuser" "$adminpwd" > "$secretfile" ; chmod 400 "$secretfile"
#
# All done
#
printf "\nAll Done...\n\n"
printf -- "--------------------------------------------\n"
printf " Admin User : %s\n" "$adminuser"
printf " Admin Pass : %s\n" "$adminpwd"
printf -- "--------------------------------------------\n\n"
printf "Credentials have been saved to: %s\n" "$secretfile"
printf "Make sure to DELETE this once you are ready!\n\n"
#
# End of script
#