diff --git a/mariadbinstall b/mariadbinstall index 377671e..128926a 100755 --- a/mariadbinstall +++ b/mariadbinstall @@ -12,16 +12,16 @@ if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo # Are we in the right directory # scriptdir="mariadb-install" && whereami=$(pwd |awk -F'/' '{print $NF}') -if [ $whereami != $scriptdir ] ; then printf "\nWrong directory! Script must be run from $scriptdir\n\n" ; exit 1; fi +if [ "$whereami" != "$scriptdir" ]; then printf "\nWrong directory! Script must be run from %s\n\n" "$scriptdir"; exit 1; fi # # Define variables # -line (){ for i in {1..50}; do echo -n "$1" ; done && printf "\n"; } +line () { printf -- '-%.0s' {1..50}; printf '\n'; } mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf" # # Function to check if a service is already running or not # -serviceyes () { printf "\n$service is allready running cannot continue...\n\n"; } +serviceyes () { printf "\n%s" $service ; printf " is allready running cannot continue...\n\n"; } servicealive () { status=$(systemctl is-active $service); if [[ "$status" == "active" ]]; then serviceyes ; exit; fi; } # # Function title @@ -30,17 +30,17 @@ title () { printf "\nMariaDB install script V1.4\n\n"; } # # Function usage # -usage () { clear ; printf -- "\n" -printf -- "${bold}mariadbinstall${normal} \n\n" -printf -- "${bold}Usage:${normal} \n" +usage () { clear ; printf -- "\n" +printf -- "mariadbinstall \n\n" +printf -- "Usage: \n" printf -- "./mariadbinstall [-p] \n" printf -- " [-help] \n\n" -printf -- "${bold}Examples:${normal} \n" +printf -- "Examples: \n" printf -- "./mariadbinstall -p mysecretpasswd \n\n"; } # # Function check if empty password was entered # -passwordcheck () { if [[ -z "$masterpwd" ]] ; then printf "ERROR PASSWORD IS EMPTY...\n\n" ; exit; fi; } +passwordcheck () { if [[ -z "$masterpwd" ]] ; then usage ; printf "ERROR PASSWORD IS EMPTY...\n\n" ; exit; fi; } # # If MariaDB is allready running then die # 
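Review bot: In the @@ -12,16 hunk the rewritten `serviceyes` still passes `$service` unquoted to printf, although the same commit quotes `$whereami` and `$scriptdir` a few lines above. An unquoted value containing whitespace or glob characters would be split into several arguments, and the format would be reused for each of them. One call is enough: `serviceyes () { printf '\n%s is allready running cannot continue...\n\n' "$service"; }`. The context line for `servicealive` has the same unquoted expansion in `systemctl is-active $service`.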
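Review bot: In the @@ -30,17 hunk `passwordcheck` ends with a bare `exit`, which returns the status of the preceding printf, so an empty password terminates the installer with status 0 and a calling script or automation sees success. I would write `printf 'ERROR PASSWORD IS EMPTY...\n\n' >&2; exit 1` there. The `\?)` branch in the @@ -60,7 hunk has the same bare `exit`, and could become `printf '\nType sudo %s -help for help\n\n' "$0" >&2; exit 2;;`. Separately, the usage text documents passing the root password as the argument to `-p`, which leaves it visible in the process list and shell history; prompting with `read -rs` when `-p` is absent would avoid that.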
@@ -48,7 +48,10 @@ service="mariadb" ; servicealive # # Configure command line options # -if [[ ! $@ =~ ^\-.+ ]]; then usage; fi + +# Removed due to SC2199 and not really needed start +# if [[ ! $@ =~ ^\-.+ ]]; then usage; fi +# Removed due to SC2199 and not really needed stop while getopts "p:h:" option; do case $option in @@ -60,7 +63,8 @@ while getopts "p:h:" option; do usage ; exit;; \?) # invalid option - printf "Type $0 -help for help\n\n" ; exit;; + # printf "Type $0 -help for help\n\n" ; exit;; + printf "\nType sudo " ; printf "%s" "$0" ; printf " -help for help\n\n" ; exit;; esac done # @@ -72,11 +76,6 @@ passwordcheck # clear ; title # -# Create backup directory for files we are going to modify -# -backupdir="/root/pre-install" && mkdir -p $backupdir -echo "Backup of original files before modifying them" > $backupdir/README -# # Custom configuration # customconf=" 
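Review bot: The @@ -48,7 hunk keeps the old test as commented-out code between the "Removed due to SC2199 ... start/stop" markers, and the @@ -60,7 hunk does the same with the old `printf "Type $0 -help ..."` line. Version control already records both lines, so I would delete them and put the reason (SC2199, and that `passwordcheck` now calls `usage`) in the commit message. The `while getopts` loop these lines surround continues outside the first of these hunks.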
@@ -93,39 +92,21 @@ user=root password=$masterpwd " # -# Answer file for Expect MySql secure installation +# MySql hardening # postinstall=" -SECURE_MYSQL=\$(expect -c \" -set timeout 10 -spawn mysql_secure_installation -expect \\\"Enter current password for root (enter for none):\\\" -send \\\"\\r\\\" -expect \\\"Switch to unix_socket authentication\\\" -send \\\"n\\r\\\" -expect \\\"Change the root password?\\\" -send \\\"Y\\r\\\" -expect \\\"New password:\\\" -send \\\"$masterpwd\\r\\\" -expect \\\"Re-enter new password:\\\" -send \\\"$masterpwd\\r\\\" -expect \\\"Remove anonymous users?\\\" -send \\\"Y\\r\\\" -expect \\\"Disallow root login remotely?\\\" -send \\\"Y\\r\\\" -expect \\\"Remove test database and access to it?\\\" -send \\\"Y\\r\\\" -expect \\\"Reload privilege tables now?\\\" -send \\\"Y\\r\\\" -expect eof -\") -echo \"\$SECURE_MYSQL\" > secureresult +DELETE FROM mysql.global_priv WHERE User=''; +DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); +DROP DATABASE IF EXISTS test; +DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; +FLUSH PRIVILEGES; +ALTER USER 'root'@'localhost' IDENTIFIED BY '$masterpwd'; " +printf '%s\n' "${postinstall[@]}" |sed '1d; $d' > postinstall.sql # -# Install and configure MariaDB we use expect for the mysql secure installation +# Install and configure MariaDB # apt install -y mariadb-server mariadb-client -cp -Rp $mariaconfig $backupdir sed -i 's/127.0.0.1/0.0.0.0/' $mariaconfig printf '%s\n' "${customconf[@]}" |sed '$d' > customconf sed -i "/0.0.0.0/r customconf" $mariaconfig 
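Review bot: `ALTER USER 'root'@'localhost' IDENTIFIED BY '$masterpwd';` expands the password straight into the SQL text, so a password containing a single quote or a backslash closes the string literal early and whatever follows is parsed as SQL by the root client session. The expanded text is then written to `postinstall.sql` in the working directory under the default umask, which leaves the clear-text root password on disk until the final `rm`, and permanently if the script stops before reaching it. I would reject those characters before building the string and write the file through `mktemp` with an EXIT trap; the `mysql < postinstall.sql` and `rm` lines in the last hunk would then refer to `$sqlfile`. The `DELETE FROM mysql.global_priv` statements presumably assume MariaDB 10.4 or later, which is worth confirming for the release `apt` installs.

```shell
# Refuse characters that would close the SQL string literal early.
case $masterpwd in
  *\'* | *\\*) printf 'Password must not contain single quotes or backslashes\n' >&2; exit 1 ;;
esac
# … unchanged: postinstall="…" hardening statements …
sqlfile=$(mktemp) || exit 1   # mktemp creates the file readable by the owner only
trap 'rm -f -- "$sqlfile"' EXIT
printf '%s\n' "$postinstall" | sed '1d; $d' > "$sqlfile"
```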
@@ -135,17 +116,15 @@ printf '%s\n' "${myconf[@]}" |sed '1d; $d' > /root/.my.cnf && chmod 400 /root/.m # sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' $mariaconfig # -# Install Expect and run mysql_secure_installation +# MySql apply hardening # -apt install -y expect -printf '%s\n' "${postinstall[@]}" |sed '1d; $d' > postinstall -source postinstall +mysql < postinstall.sql systemctl restart mariadb # -# Display output of mysql_secure_installation and clean up +# Clean up and display output # -clear ; cat secureresult |sed '1d; $d' ; printf "\n" ; line '-' ; printf "All Done...\n" ; line '-' ; printf "\n" -rm customconf postinstall secureresult +rm customconf postinstall.sql +clear ; printf "\n" ; line ; printf "All Done...\n" ; line ; printf "\n" # # End of script #
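Review bot: The exit status of `mysql < postinstall.sql` is never checked, so if the hardening statements fail the script still restarts the service, clears the screen (wiping the client's error message) and prints "All Done...". The previous version at least displayed the output of the hardening step before finishing. I would stop on failure, for example `mysql < postinstall.sql || { printf 'MariaDB hardening failed\n' >&2; rm -f customconf postinstall.sql; exit 1; }`. Whether the script runs under `set -e` is not visible in this diff.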