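#!/usr/bin/env bash
# Author        : Allan Christensen
# First Created : 05012022 (DD-MM-YYYY)
# Description   : Installs MariaDB with socket auth on Ubuntu 24.04
# License       : MIT License (see LICENSE file for details)
#
# Operator notes:
#   * -p places the admin password on the command line, so it is visible in
#     the process list while the script runs and may be kept in shell history.
#   * The password is also printed at the end and written to a root-only file;
#     delete that file once the credentials are stored somewhere safer.
#

#
# Are we root
#
if [[ $(id -u) -ne 0 ]]; then
  printf "\nMust be root or use sudo\n\n"
  exit 1
fi

#
# Check if services are already running
#
for svc in mariadb; do
  if systemctl is-active --quiet "$svc"; then
    printf "\n%s is already running, cannot continue...\n\n" "${svc^}"
    exit 1
  fi
done

#
# Define variables
#
mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
# Start from empty values so credentials can only come from -u / -p and are
# never inherited from the caller's environment.
adminuser=""
adminpwd=""

#
# Function usage
#
usage () {
  printf -- "\nmariadbinstall\n\n"
  printf -- "Installs and configures MariaDB on Ubuntu 24.04\n"
  printf -- "Note: Must be run as root or using sudo\n\n"
  printf -- "Usage:\n"
  # The argument placeholders were missing from this line in the reviewed copy.
  printf -- "  sudo ./mariadbinstall -u <username> -p <password>\n"
  printf -- "  sudo ./mariadbinstall -h (help screen)\n\n"
  printf -- "Example:\n"
  printf -- "  sudo ./mariadbinstall -u adminuser -p strongpass\n\n"
}

#
# Let's go
#
clear

#
# Check if no arguments were given or if -u or -p is missing or malformed
#
if [[ $# -eq 0 ]]; then
  usage
  printf "ERROR: -u and -p REQUIRED!\n\n"
  exit 1
fi

#
# Parse arguments
#
while [[ $# -gt 0 ]]; do
  case "$1" in
    -u)
      shift
      if [[ -z "${1:-}" ]]; then
        usage
        printf "ERROR: USERNAME CANNOT BE EMPTY!\n\n"
        exit 1
      fi
      adminuser="$1"
      shift
      ;;
    -p)
      shift
      if [[ -z "${1:-}" ]]; then
        usage
        printf "ERROR: PASSWORD CANNOT BE EMPTY!\n\n"
        exit 1
      fi
      adminpwd="$1"
      shift
      ;;
    -h)
      usage
      exit 0
      ;;
    *)
      usage
      printf "\nType: sudo %s -h for help\n\n" "$0"
      exit 1
      ;;
  esac
done

#
# Final sanity check
#
if [[ -z "$adminuser" || -z "$adminpwd" ]]; then
  usage
  printf "\nERROR: Both -u and -p arguments are mandatory!\n\n"
  exit 1
fi

#
# Prevent overriding root socket authentication
#
if [[ "$adminuser" == "root" ]]; then
  printf "\nERROR: The root user already exists and uses socket authentication.\n"
  printf "Do not assign a password to it — this would break socket login.\n"
  printf "Use a different username (e.g., admin, dbadmin, or anything else).\n\n"
  exit 1
fi

#
# Username: only allow a-zA-Z0-9_.-
# The name is placed inside a quoted SQL identifier below, so this allow-list
# is what keeps quotes and other SQL metacharacters out of that statement.
#
if [[ ! "$adminuser" =~ ^[a-zA-Z0-9_.-]+$ ]]; then
  printf "\nERROR: Username contains invalid characters.\n"
  printf "Allowed characters: letters, digits, dot (.), underscore (_), and dash (-)\n\n"
  exit 1
fi

#
# Password: disallow spaces and backslashes
#
if [[ "$adminpwd" =~ [[:space:]] ]]; then
  printf "\nERROR: Password cannot contain spaces.\n\n"
  exit 1
fi
if [[ "$adminpwd" == *\\* ]]; then
  printf "\nERROR: Password cannot contain backslashes (%s).\n\n" "\\"
  exit 1
fi

#
# Install MariaDB
# apt-get is used because apt does not promise a stable scripting interface;
# stop here if the packages did not install, since every later step needs them.
#
if ! DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client; then
  printf "\nERROR: Package installation failed, aborting.\n\n" >&2
  exit 1
fi

#
# Setting up error log; comment this out if you don't need error log
#
logdir="/var/log/mysql"
if [[ ! -d "$logdir" ]]; then
  mkdir -m 2750 "$logdir"
  chown mysql:mysql "$logdir"
fi
if [[ -f "$mariaconfig" ]]; then
  # Uncomment the shipped log_error line by dropping its leading '#'.
  sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' "$mariaconfig"
else
  printf "WARNING: %s not found, error log not enabled.\n" "$mariaconfig" >&2
fi

#
# Apply MariaDB hardening (non-interactive, safe for socket auth)
# --force keeps going past a failing statement, but stderr is no longer
# discarded: a hardening step that silently failed would leave anonymous or
# remote root accounts in place without anyone noticing.
#
if ! mysql --force <<'EOF'
-- Remove anonymous users
DELETE FROM mysql.global_priv WHERE User='';
-- Remove remote root access
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
-- Drop test database
DROP DATABASE IF EXISTS test;
-- Remove test DB privileges
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';
-- Apply changes
FLUSH PRIVILEGES;
EOF
then
  printf "WARNING: One or more hardening statements failed, review the output above.\n" >&2
fi

#
# Create admin user; root remains socket-authenticated by default
#
# NOTE(review): the SQL for this step and the definition of secretfile were
# lost in the reviewed copy of this script. The statements, the 'localhost'
# host scope, the privilege set and the credentials-file path below are
# reconstructed — confirm them against the original before use.
#
# The password sits inside a single-quoted SQL string: backslashes are already
# rejected above, and single quotes are doubled here so the value cannot
# terminate the literal.
sq="'"
sql_pwd=${adminpwd//"$sq"/"$sq$sq"}
# Fed on stdin rather than with -e so the password is not in mysql's argv.
if ! mysql <<EOF
CREATE USER '${adminuser}'@'localhost' IDENTIFIED BY '${sql_pwd}';
GRANT ALL PRIVILEGES ON *.* TO '${adminuser}'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
then
  printf "\nERROR: Could not create admin user %s, aborting.\n\n" "$adminuser" >&2
  exit 1
fi

#
# Save credentials
# mktemp creates the file owner-only (0600) under an unpredictable name, so
# the password is never readable by other users, not even briefly before the
# chmod. Path template is constructed for this review (see note above).
#
if ! secretfile=$(mktemp /root/mariadb-admin-credentials.XXXXXX); then
  printf "\nERROR: Could not create credentials file.\n\n" >&2
  exit 1
fi
printf "Admin User : %s\nAdmin Pass : %s\n" "$adminuser" "$adminpwd" > "$secretfile"
chmod 400 "$secretfile"

#
# All done
#
printf "\nAll Done...\n\n"
printf -- "--------------------------------------------\n"
printf " Admin User : %s\n" "$adminuser"
# Echoing the password leaves it in terminal scrollback and any session log.
printf " Admin Pass : %s\n" "$adminpwd"
printf -- "--------------------------------------------\n\n"
printf "Credentials have been saved to: %s\n" "$secretfile"
printf "Make sure to DELETE this once you are ready!\n\n"

#
# End of script
#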