initial commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Allan Christensen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,197 @@
+# MySQL for Ubuntu 24.04 Server
+[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
+[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
+[![MySQL](https://img.shields.io/badge/db-mysql-4479A1)](#)
+[![Auth](https://img.shields.io/badge/auth-no_socket-blue)](#)
+[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
+
+Automated Bash installer for **MySQL on Ubuntu 24.04**, configured for password-only authentication  
+(no `auth_socket`, no silent root login, no surprises).
+
+This is a **production-focused installer**, not a lab toy.  
+Run it once → MySQL is installed, hardened, and ready for real workloads.
+
+---
+
+## What this installer does
+
+✔ Installs MySQL Server + Client  
+✔ Forces **password authentication for root** (`mysql_native_password`)  
+✔ Removes anonymous users and the test database  
+✔ Disables remote root access  
+✔ Creates `/root/.my.cnf` for passwordless root CLI access  
+✔ Runs non-interactively (no `mysql_secure_installation` wizard)  
+✔ Safe to re-run — existing data is not dropped
+
+---
+
+## Requirements
+
+You need:
+
+✔ Ubuntu 24.04 Server (or equivalent)  
+✔ Root access (direct or via `sudo`)  
+✔ No existing MySQL service already running
+
+If MySQL is already running, the script will exit to avoid damaging an existing installation.
+
+---
+
+## 1. Prepare the system
+
+```
+sudo apt update -y
+```
+
+---
+
+## 2. Download the installer
+
+``` 
+git clone https://git.x-files.dk/database/mysql-ubuntu.git
+cd mysql-ubuntu
+```
+
+---
+
+## 3. Install MySQL
+
+``` 
+sudo ./mysqlinstall -p <rootpassword>
+```
+
+Example:
+
+``` 
+sudo ./mysqlinstall -p StrongRootPass1986
+```
+
+The `-p` flag is **required**. If omitted, the script exits with an error.
+
+---
+
+## Authentication Mode (Default)
+
+This installer configures MySQL to use **password-based authentication only** for the `root` user.
+
+| Mode | Status | Notes |
+|---|---|---|
+| `mysql_native_password` | ✔ Enabled | Root must use a password |
+| `auth_socket`           | ✘ Disabled | No implicit root login via socket |
+
+This makes MySQL easier to use with:
+
+- GUI tools (DBeaver, HeidiSQL, etc.)  
+- Remote automation (Ansible, backup scripts)  
+- Other services that expect TCP + password auth
+
+---
+
+## Security Hardening (Automatic)
+
+The script applies hardening equivalent to `mysql_secure_installation`:
+
+| Task | Status |
+|---|---|
+| Remove anonymous users | ✔ |
+| Disallow remote root login | ✔ |
+| Drop `test` database | ✔ |
+| Remove `test_%` databases | ✔ |
+| Flush privileges | ✔ |
+
+---
+
+## Post‑Install Login
+
+Because `/root/.my.cnf` is created, you can log in as root with:
+
+``` 
+mysql
+```
+
+Or explicitly:
+
+``` 
+mysql -u root -p
+```
+
+Credentials file:
+
+``` 
+/root/.my.cnf
+```
+
+File mode is set to `400` (root read‑only).
+
+---
+
+## Switching Authentication Modes
+
+### 1. Switch back to socket authentication (optional)
+
+If you prefer the default Ubuntu‑style **socket auth** for root (no password when local), run:
+
+``` 
+sudo mysql
+ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
+FLUSH PRIVILEGES;
+```
+
+After this:
+
+``` 
+mysql          # works without password (as root on the server)
+mysql -p       # will fail unless you set a password again
+```
+
+Because this installer created `/root/.my.cnf`, you should **remove it** when switching back to socket auth to avoid confusing clients and tools:
+
+``` 
+rm -f /root/.my.cnf
+```
+
+Otherwise, tools that rely on `/root/.my.cnf` may try password auth while MySQL expects socket auth, leading to login errors.
+
+### 2. Switch from socket auth back to password auth
+
+If you later decide to restore password‑based login again:
+
+``` 
+sudo mysql
+ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourNewPasswordHere';
+FLUSH PRIVILEGES;
+```
+
+Then recreate `/root/.my.cnf` if desired:
+
+``` 
+cat > /root/.my.cnf <<EOF
+[client]
+user=root
+password=YourNewPasswordHere
+EOF
+
+chmod 400 /root/.my.cnf
+```
+
+---
+
+## Troubleshooting
+
+| Issue | Cause | Fix |
+|---|---|---|
+| Script exits: “MySQL is already running” | Existing MySQL install detected | Stop/remove old instance or migrate manually |
+| `Access denied for user 'root'@'localhost'` | Wrong root password used | Restart MySQL in safe mode and reset password |
+| Tools fail after switching to socket auth | `/root/.my.cnf` still present | Remove `/root/.my.cnf` or switch back to password auth |
+| Cannot connect from remote host as root | Remote root login disabled | Create a dedicated admin user for remote access |
+
+---
+
+### More Information
+
+More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
+
+---
+
+### License
+Licensed under the [MIT License](./LICENSE).

last-tested

@@ -0,0 +1,4 @@
+------------------------------------
+Last tested: 28-11-2025 (DD-MM-YYYY)
+Environment: Ubuntu Server 24.04 LTS
+------------------------------------

mysqlinstall

@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: MIT
+
+# Author        : Allan Christensen
+# First Created : 08072021 (DD-MM-YYYY)
+# Description   : Installs MySQL on Ubuntu 24.04 using PASSWORD authentication
+# License       : MIT License (see LICENSE file for details)
+
+#
+# Are we root
+#
+if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo "" ; exit 1 ; fi
+
+#
+# Check if services are already running
+#
+for svc in mysql; do if systemctl is-active --quiet "$svc"; then printf "\n%s is already running, cannot continue...\n\n" "${svc^}" ; exit 1 ; fi ; done
+
+#
+# Define variables
+#
+mysqlconfig="/etc/mysql/mysql.conf.d/mysqld.cnf"
+
+#
+# Function usage
+#
+usage () {
+printf -- "\nmysqlinstall\n\n"
+printf -- "Installs and configures MySQL on Ubuntu 24.04\n"
+printf -- "Note: Must be run as root or using sudo\n\n"
+printf -- "Root authentication = PASSWORD (no socket auth)\n\n"
+printf -- "Usage:\n"
+printf -- "  sudo ./mysqlinstall -p <rootpassword>\n"
+printf -- "  sudo ./mysqlinstall -h (help)\n\n"
+printf -- "Example:\n"
+printf -- "  sudo ./mysqlinstall -p SuperSecret123\n\n"
+}
+
+clear
+
+#
+# Argument check
+#
+if [[ $# -eq 0 ]]; then usage ; printf "ERROR: -p REQUIRED!\n\n" ; exit 1 ; fi
+
+while [[ $# -gt 0 ]]; do
+    case "$1" in
+        -p)
+            shift
+            [[ -z "$1" ]] && usage && printf "ERROR: ROOT PASSWORD REQUIRED!\n\n" && exit 1
+            rootpwd="$1"
+            shift
+            ;;
+        -h)
+            usage ; exit 0 ;;
+        *)
+            usage ; printf "\nType: sudo %s -h for help\n\n" "$0" ; exit 1 ;;
+    esac
+done
+
+#
+# Final sanity check
+#
+if [[ -z "$rootpwd" ]]; then usage ; printf "\nERROR: Missing -p <rootpassword>\n\n" ; exit 1 ; fi
+
+#
+# Password: disallow spaces and backslashes, warn about weak passwords
+#
+if [[ "$rootpwd" =~ [[:space:]] ]]; then
+    printf "\nERROR: Password cannot contain spaces.\n\n"
+    exit 1
+fi
+if [[ "$rootpwd" =~ [\\] ]]; then
+    printf "\nERROR: Password cannot contain backslashes (\\).\n\n"
+    exit 1
+fi
+
+#
+# Install MySQL
+#
+apt install -y mysql-server mysql-client 
+
+#
+# Configure MySQL authentication (native password, no socket auth)
+#
+mysql --execute="ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${rootpwd}'; FLUSH PRIVILEGES;"
+
+#
+# Harden MySQL installation
+#
+mysql -u root -p"${rootpwd}" <<'EOF'
+-- Remove anonymous users
+DELETE FROM mysql.user WHERE User='';
+
+-- Remove remote root access
+DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
+
+-- Drop test database
+DROP DATABASE IF EXISTS test;
+
+-- Remove test DB privileges
+DELETE FROM mysql.db WHERE Db='test' OR Db LIKE 'test_%';
+
+-- Apply changes
+FLUSH PRIVILEGES;
+EOF
+
+#
+# Create /root/.my.cnf
+#
+cat > /root/.my.cnf <<EOF
+[client]
+user=root
+password=${rootpwd}
+EOF
+
+chmod 400 /root/.my.cnf
+
+#
+# All done
+#
+printf "\nAll Done...\n\n"
+printf -- "--------------------------------------------\n"
+printf " Root Password : %s\n" "$rootpwd"
+printf -- "--------------------------------------------\n\n"
+printf ".my.cnf has been created for passwordless login.\n\n"
+
+#
+# End of script
+#