You've already forked mariadb-ubuntu
initial commit
This commit is contained in:
178
mariadbinstall
Executable file
178
mariadbinstall
Executable file
@@ -0,0 +1,178 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Author : Allan Christensen
|
||||
# First Created : 05012022 (DD-MM-YYYY)
|
||||
# Description : Installs MariaDB with socket auth on Ubuntu 24.04
|
||||
# License : MIT License (see LICENSE file for details)
|
||||
|
||||
#
|
||||
# Are we root
|
||||
#
|
||||
if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1 ; fi
|
||||
|
||||
#
|
||||
# Define variables
|
||||
#
|
||||
mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
|
||||
|
||||
#
|
||||
# Function to check if a service is already running or not
|
||||
#
|
||||
serviceyes () { printf "\n%s" $service ; printf " is already running cannot continue...\n\n"; }
|
||||
servicealive () { status=$(systemctl is-active $service); if [[ "$status" == "active" ]]; then serviceyes ; exit 1; fi; }
|
||||
|
||||
#
|
||||
# Function usage
|
||||
#
|
||||
usage () {
|
||||
printf -- "\nmariadbinstall\n\n"
|
||||
printf -- "Installs and configures MariaDB on Ubuntu 24.04\n"
|
||||
printf -- "Note: Must be run as root or using sudo\n\n"
|
||||
printf -- "Usage:\n"
|
||||
printf -- " sudo ./mariadbinstall -u <adminuser> -p <password>\n"
|
||||
printf -- " sudo ./mariadbinstall -h (help screen)\n\n"
|
||||
printf -- "Example:\n"
|
||||
printf -- " sudo ./mariadbinstall -u adminuser -p strongpass\n\n"
|
||||
}
|
||||
|
||||
#
|
||||
# If MariaDB is already running then die
|
||||
#
|
||||
service="mariadb" ; servicealive
|
||||
|
||||
#
|
||||
# Let's go
|
||||
#
|
||||
clear
|
||||
|
||||
#
|
||||
# Check if no arguments were given or if -u og -p is missing or malformed
|
||||
#
|
||||
if [[ $# -eq 0 ]]; then usage ; printf "ERROR: -u and -p REQUIRED!\n\n" ; exit 1 ; fi
|
||||
|
||||
#
|
||||
# Parse arguments
|
||||
#
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
-u)
|
||||
shift
|
||||
if [[ -z "$1" ]]; then
|
||||
usage
|
||||
printf "ERROR: USERNAME CANNOT BE EMPTY!\n\n"
|
||||
exit 1
|
||||
fi
|
||||
adminuser="$1"
|
||||
shift
|
||||
;;
|
||||
-p)
|
||||
shift
|
||||
if [[ -z "$1" ]]; then
|
||||
usage
|
||||
printf "ERROR: PASSWORD CANNOT BE EMPTY!\n\n"
|
||||
exit 1
|
||||
fi
|
||||
adminpwd="$1"
|
||||
shift
|
||||
;;
|
||||
-h)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
printf "\nType: sudo %s -h for help\n\n" "$0"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
#
|
||||
# Final sanity check
|
||||
#
|
||||
if [[ -z "$adminuser" || -z "$adminpwd" ]]; then usage ; printf "\nERROR: Both -u and -p arguments are mandatory!\n\n" ; exit 1 ; fi
|
||||
|
||||
#
|
||||
# Username: only allow a-zA-Z0-9_.-
|
||||
#
|
||||
if [[ ! "$adminuser" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
|
||||
printf "\nERROR: Username contains invalid characters.\n"
|
||||
printf "Allowed characters: letters, digits, dot (.), underscore (_), and dash (-)\n\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#
|
||||
# Password: disallow spaces and backslashes, warn about weak passwords
|
||||
#
|
||||
if [[ "$adminpwd" =~ [[:space:]] ]]; then
|
||||
printf "\nERROR: Password cannot contain spaces.\n\n"
|
||||
exit 1
|
||||
fi
|
||||
if [[ "$adminpwd" =~ [\\] ]]; then
|
||||
printf "\nERROR: Password cannot contain backslashes (\\).\n\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#
|
||||
# Install MariaDB
|
||||
#
|
||||
apt install -y mariadb-server mariadb-client
|
||||
|
||||
#
|
||||
# Setting up error log comment this out if you don't need error log
|
||||
#
|
||||
sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' "$mariaconfig"
|
||||
|
||||
#
|
||||
# Apply MariaDB hardening (non-interactive, safe for socket auth)
|
||||
#
|
||||
mysql --force 2>/dev/null <<'EOF'
|
||||
-- Remove anonymous users
|
||||
DELETE FROM mysql.global_priv WHERE User='';
|
||||
|
||||
-- Remove remote root access
|
||||
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
|
||||
|
||||
-- Drop test database
|
||||
DROP DATABASE IF EXISTS test;
|
||||
|
||||
-- Remove test DB privileges
|
||||
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
|
||||
|
||||
-- Apply changes
|
||||
FLUSH PRIVILEGES;
|
||||
EOF
|
||||
|
||||
#
|
||||
# Create admin user root remains socket-authenticated by default
|
||||
#
|
||||
mysql --force 2>/dev/null <<EOF
|
||||
CREATE USER IF NOT EXISTS '${adminuser}'@'localhost' IDENTIFIED BY '${adminpwd}';
|
||||
GRANT ALL PRIVILEGES ON *.* TO '${adminuser}'@'localhost' WITH GRANT OPTION;
|
||||
FLUSH PRIVILEGES;
|
||||
EOF
|
||||
|
||||
#
|
||||
# Restart MariaDB
|
||||
#
|
||||
systemctl restart mariadb
|
||||
|
||||
#
|
||||
# Save credentials root only
|
||||
#
|
||||
secretfile="/root/MARIADBSECRET" ; printf "Admin User : %s\nAdmin Pass : %s\n" "$adminuser" "$adminpwd" > "$secretfile" ; chmod 400 "$secretfile"
|
||||
|
||||
#
|
||||
# All done
|
||||
#
|
||||
printf "\nAll Done...\n\n"
|
||||
printf -- "--------------------------------------------\n"
|
||||
printf " Admin User : %s\n" "$adminuser"
|
||||
printf " Admin Pass : %s\n" "$adminpwd"
|
||||
printf -- "--------------------------------------------\n\n"
|
||||
printf "Credentials have been saved to: %s\n" "$secretfile"
|
||||
printf "Make sure to DELETE this once you are ready!\n\n"
|
||||
|
||||
#
|
||||
# End of script
|
||||
#
|
||||
Reference in New Issue
Block a user