removed the need for expect was a bit silly anyway
This commit is contained in:
parent
8f333bca2f
commit
9685cf25e8
@ -12,16 +12,16 @@ if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo
|
|||||||
# Are we in the right directory
|
# Are we in the right directory
|
||||||
#
|
#
|
||||||
scriptdir="mariadb-install" && whereami=$(pwd |awk -F'/' '{print $NF}')
|
scriptdir="mariadb-install" && whereami=$(pwd |awk -F'/' '{print $NF}')
|
||||||
if [ $whereami != $scriptdir ] ; then printf "\nWrong directory! Script must be run from $scriptdir\n\n" ; exit 1; fi
|
if [ "$whereami" != "$scriptdir" ]; then printf "\nWrong directory! Script must be run from %s\n\n" "$scriptdir"; exit 1; fi
|
||||||
#
|
#
|
||||||
# Define variables
|
# Define variables
|
||||||
#
|
#
|
||||||
line (){ for i in {1..50}; do echo -n "$1" ; done && printf "\n"; }
|
line () { printf -- '-%.0s' {1..50}; printf '\n'; }
|
||||||
mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
|
mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
|
||||||
#
|
#
|
||||||
# Function to check if a service is already running or not
|
# Function to check if a service is already running or not
|
||||||
#
|
#
|
||||||
serviceyes () { printf "\n$service is allready running cannot continue...\n\n"; }
|
serviceyes () { printf "\n%s" $service ; printf " is allready running cannot continue...\n\n"; }
|
||||||
servicealive () { status=$(systemctl is-active $service); if [[ "$status" == "active" ]]; then serviceyes ; exit; fi; }
|
servicealive () { status=$(systemctl is-active $service); if [[ "$status" == "active" ]]; then serviceyes ; exit; fi; }
|
||||||
#
|
#
|
||||||
# Function title
|
# Function title
|
||||||
@ -30,17 +30,17 @@ title () { printf "\nMariaDB install script V1.4\n\n"; }
|
|||||||
#
|
#
|
||||||
# Function usage
|
# Function usage
|
||||||
#
|
#
|
||||||
usage () { clear ; printf -- "\n"
|
usage () { clear ; printf -- "\n"
|
||||||
printf -- "${bold}mariadbinstall${normal} \n\n"
|
printf -- "mariadbinstall \n\n"
|
||||||
printf -- "${bold}Usage:${normal} \n"
|
printf -- "Usage: \n"
|
||||||
printf -- "./mariadbinstall [-p] <master password>\n"
|
printf -- "./mariadbinstall [-p] <master password>\n"
|
||||||
printf -- " [-help] <this screen> \n\n"
|
printf -- " [-help] <this screen> \n\n"
|
||||||
printf -- "${bold}Examples:${normal} \n"
|
printf -- "Examples: \n"
|
||||||
printf -- "./mariadbinstall -p mysecretpasswd \n\n"; }
|
printf -- "./mariadbinstall -p mysecretpasswd \n\n"; }
|
||||||
#
|
#
|
||||||
# Function check if empty password was entered
|
# Function check if empty password was entered
|
||||||
#
|
#
|
||||||
passwordcheck () { if [[ -z "$masterpwd" ]] ; then printf "ERROR PASSWORD IS EMPTY...\n\n" ; exit; fi; }
|
passwordcheck () { if [[ -z "$masterpwd" ]] ; then usage ; printf "ERROR PASSWORD IS EMPTY...\n\n" ; exit; fi; }
|
||||||
#
|
#
|
||||||
# If MariaDB is allready running then die
|
# If MariaDB is allready running then die
|
||||||
#
|
#
|
||||||
@ -48,7 +48,10 @@ service="mariadb" ; servicealive
|
|||||||
#
|
#
|
||||||
# Configure command line options
|
# Configure command line options
|
||||||
#
|
#
|
||||||
if [[ ! $@ =~ ^\-.+ ]]; then usage; fi
|
|
||||||
|
# Removed due to SC2199 and not really needed start
|
||||||
|
# if [[ ! $@ =~ ^\-.+ ]]; then usage; fi
|
||||||
|
# Removed due to SC2199 and not really needed stop
|
||||||
|
|
||||||
while getopts "p:h:" option; do
|
while getopts "p:h:" option; do
|
||||||
case $option in
|
case $option in
|
||||||
@ -60,7 +63,8 @@ while getopts "p:h:" option; do
|
|||||||
usage ; exit;;
|
usage ; exit;;
|
||||||
|
|
||||||
\?) # invalid option
|
\?) # invalid option
|
||||||
printf "Type $0 -help for help\n\n" ; exit;;
|
# printf "Type $0 -help for help\n\n" ; exit;;
|
||||||
|
printf "\nType sudo " ; printf "%s" "$0" ; printf " -help for help\n\n" ; exit;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
#
|
#
|
||||||
@ -72,11 +76,6 @@ passwordcheck
|
|||||||
#
|
#
|
||||||
clear ; title
|
clear ; title
|
||||||
#
|
#
|
||||||
# Create backup directory for files we are going to modify
|
|
||||||
#
|
|
||||||
backupdir="/root/pre-install" && mkdir -p $backupdir
|
|
||||||
echo "Backup of original files before modifying them" > $backupdir/README
|
|
||||||
#
|
|
||||||
# Custom configuration
|
# Custom configuration
|
||||||
#
|
#
|
||||||
customconf="
|
customconf="
|
||||||
@ -93,39 +92,21 @@ user=root
|
|||||||
password=$masterpwd
|
password=$masterpwd
|
||||||
"
|
"
|
||||||
#
|
#
|
||||||
# Answer file for Expect MySql secure installation
|
# MySql hardening
|
||||||
#
|
#
|
||||||
postinstall="
|
postinstall="
|
||||||
SECURE_MYSQL=\$(expect -c \"
|
DELETE FROM mysql.global_priv WHERE User='';
|
||||||
set timeout 10
|
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
|
||||||
spawn mysql_secure_installation
|
DROP DATABASE IF EXISTS test;
|
||||||
expect \\\"Enter current password for root (enter for none):\\\"
|
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
|
||||||
send \\\"\\r\\\"
|
FLUSH PRIVILEGES;
|
||||||
expect \\\"Switch to unix_socket authentication\\\"
|
ALTER USER 'root'@'localhost' IDENTIFIED BY '$masterpwd';
|
||||||
send \\\"n\\r\\\"
|
|
||||||
expect \\\"Change the root password?\\\"
|
|
||||||
send \\\"Y\\r\\\"
|
|
||||||
expect \\\"New password:\\\"
|
|
||||||
send \\\"$masterpwd\\r\\\"
|
|
||||||
expect \\\"Re-enter new password:\\\"
|
|
||||||
send \\\"$masterpwd\\r\\\"
|
|
||||||
expect \\\"Remove anonymous users?\\\"
|
|
||||||
send \\\"Y\\r\\\"
|
|
||||||
expect \\\"Disallow root login remotely?\\\"
|
|
||||||
send \\\"Y\\r\\\"
|
|
||||||
expect \\\"Remove test database and access to it?\\\"
|
|
||||||
send \\\"Y\\r\\\"
|
|
||||||
expect \\\"Reload privilege tables now?\\\"
|
|
||||||
send \\\"Y\\r\\\"
|
|
||||||
expect eof
|
|
||||||
\")
|
|
||||||
echo \"\$SECURE_MYSQL\" > secureresult
|
|
||||||
"
|
"
|
||||||
|
printf '%s\n' "${postinstall[@]}" |sed '1d; $d' > postinstall.sql
|
||||||
#
|
#
|
||||||
# Install and configure MariaDB we use expect for the mysql secure installation
|
# Install and configure MariaDB
|
||||||
#
|
#
|
||||||
apt install -y mariadb-server mariadb-client
|
apt install -y mariadb-server mariadb-client
|
||||||
cp -Rp $mariaconfig $backupdir
|
|
||||||
sed -i 's/127.0.0.1/0.0.0.0/' $mariaconfig
|
sed -i 's/127.0.0.1/0.0.0.0/' $mariaconfig
|
||||||
printf '%s\n' "${customconf[@]}" |sed '$d' > customconf
|
printf '%s\n' "${customconf[@]}" |sed '$d' > customconf
|
||||||
sed -i "/0.0.0.0/r customconf" $mariaconfig
|
sed -i "/0.0.0.0/r customconf" $mariaconfig
|
||||||
@ -135,17 +116,15 @@ printf '%s\n' "${myconf[@]}" |sed '1d; $d' > /root/.my.cnf && chmod 400 /root/.m
|
|||||||
#
|
#
|
||||||
sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' $mariaconfig
|
sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' $mariaconfig
|
||||||
#
|
#
|
||||||
# Install Expect and run mysql_secure_installation
|
# MySql apply hardening
|
||||||
#
|
#
|
||||||
apt install -y expect
|
mysql < postinstall.sql
|
||||||
printf '%s\n' "${postinstall[@]}" |sed '1d; $d' > postinstall
|
|
||||||
source postinstall
|
|
||||||
systemctl restart mariadb
|
systemctl restart mariadb
|
||||||
#
|
#
|
||||||
# Display output of mysql_secure_installation and clean up
|
# Clean up and display output
|
||||||
#
|
#
|
||||||
clear ; cat secureresult |sed '1d; $d' ; printf "\n" ; line '-' ; printf "All Done...\n" ; line '-' ; printf "\n"
|
rm customconf postinstall.sql
|
||||||
rm customconf postinstall secureresult
|
clear ; printf "\n" ; line ; printf "All Done...\n" ; line ; printf "\n"
|
||||||
#
|
#
|
||||||
# End of script
|
# End of script
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user