removed the need for expect was a bit silly anyway

2025-05-25 10:01:57 +00:00 · 2025-05-25 10:01:57 +00:00 · 9685cf25e8
commit 9685cf25e8
parent 8f333bca2f
1 changed files with 28 additions and 49 deletions
--- a/75
+++ b/75
@ -12,16 +12,16 @@ if [[ $(id -u) -ne 0 ]]; then echo "" && echo "Must be root or use sudo" && echo
 # Are we in the right directory
 #
 scriptdir="mariadb-install" && whereami=$(pwd |awk -F'/' '{print $NF}')
-if [ $whereami != $scriptdir ] ; then printf "\nWrong directory! Script must be run from $scriptdir\n\n" ; exit 1; fi
+if [ "$whereami" != "$scriptdir" ]; then printf "\nWrong directory! Script must be run from %s\n\n" "$scriptdir"; exit 1; fi
 #
 # Define variables
 #
-line (){ for i in {1..50}; do echo -n "$1" ; done && printf "\n"; }
+line () { printf -- '-%.0s' {1..50}; printf '\n'; }
 mariaconfig="/etc/mysql/mariadb.conf.d/50-server.cnf"
 #
 # Function to check if a service is already running or not
 #
-serviceyes () { printf "\n$service is allready running cannot continue...\n\n"; }
+serviceyes () { printf "\n%s" $service ; printf " is allready running cannot continue...\n\n"; }
 servicealive () { status=$(systemctl is-active $service); if [[ "$status" == "active" ]]; then serviceyes ; exit; fi; }
 #
 # Function title
@ -31,16 +31,16 @@ title () { printf "\nMariaDB install script V1.4\n\n"; }
 # Function usage
 #
 usage () { clear ; printf --                     "\n"
-printf -- "${bold}mariadbinstall${normal}       \n\n"
-printf -- "${bold}Usage:${normal}                 \n"
+printf -- "mariadbinstall                       \n\n"
+printf -- "Usage:                                 \n"
 printf -- "./mariadbinstall [-p] <master password>\n"
 printf -- "              [-help] <this screen>  \n\n"
-printf -- "${bold}Examples:${normal}              \n"
+printf -- "Examples:                              \n"
 printf -- "./mariadbinstall -p mysecretpasswd   \n\n"; }
 #
 # Function check if empty password was entered
 #
-passwordcheck () { if [[ -z "$masterpwd" ]] ; then printf "ERROR PASSWORD IS EMPTY...\n\n" ; exit; fi; }
+passwordcheck () { if [[ -z "$masterpwd" ]] ; then usage ; printf "ERROR PASSWORD IS EMPTY...\n\n" ; exit; fi; }
 #
 # If MariaDB is allready running then die
 #
@ -48,7 +48,10 @@ service="mariadb" ; servicealive
 #
 # Configure command line options
 #
-if [[ ! $@ =~ ^\-.+ ]]; then usage; fi
+
+# Removed due to SC2199 and not really needed start
+# if [[ ! $@ =~ ^\-.+ ]]; then usage; fi
+# Removed due to SC2199 and not really needed stop

 while getopts "p:h:" option; do
   case $option in
@ -60,7 +63,8 @@ while getopts "p:h:" option; do
         usage ; exit;;

     \?) # invalid option
-         printf "Type $0 -help for help\n\n" ; exit;;
+         # printf "Type $0 -help for help\n\n" ; exit;;
+         printf "\nType sudo " ; printf "%s" "$0" ; printf " -help for help\n\n" ; exit;;
   esac
 done
 #
@ -72,11 +76,6 @@ passwordcheck
 #
 clear ; title
 #
-# Create backup directory for files we are going to modify
-#
-backupdir="/root/pre-install" && mkdir -p $backupdir
-echo "Backup of original files before modifying them" > $backupdir/README
-#
 # Custom configuration
 #
 customconf="
@ -93,39 +92,21 @@ user=root
 password=$masterpwd
 "
 #
-# Answer file for Expect MySql secure installation
+# MySql hardening
 #
 postinstall="
-SECURE_MYSQL=\$(expect -c \"
-set timeout 10
-spawn mysql_secure_installation
-expect \\\"Enter current password for root (enter for none):\\\"
-send \\\"\\r\\\"
-expect \\\"Switch to unix_socket authentication\\\"
-send \\\"n\\r\\\"
-expect \\\"Change the root password?\\\"
-send \\\"Y\\r\\\"
-expect \\\"New password:\\\"
-send \\\"$masterpwd\\r\\\"
-expect \\\"Re-enter new password:\\\"
-send \\\"$masterpwd\\r\\\"
-expect \\\"Remove anonymous users?\\\"
-send \\\"Y\\r\\\"
-expect \\\"Disallow root login remotely?\\\"
-send \\\"Y\\r\\\"
-expect \\\"Remove test database and access to it?\\\"
-send \\\"Y\\r\\\"
-expect \\\"Reload privilege tables now?\\\"
-send \\\"Y\\r\\\"
-expect eof
-\")
-echo \"\$SECURE_MYSQL\" > secureresult
+DELETE FROM mysql.global_priv WHERE User='';
+DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
+FLUSH PRIVILEGES;
+ALTER USER 'root'@'localhost' IDENTIFIED BY '$masterpwd';
 "
+printf '%s\n' "${postinstall[@]}" |sed '1d; $d' > postinstall.sql
 #
-# Install and configure MariaDB we use expect for the mysql secure installation
+# Install and configure MariaDB
 #
 apt install -y mariadb-server mariadb-client
-cp -Rp $mariaconfig $backupdir 
 sed -i 's/127.0.0.1/0.0.0.0/' $mariaconfig
 printf '%s\n' "${customconf[@]}" |sed '$d' > customconf
 sed -i "/0.0.0.0/r customconf" $mariaconfig
@ -135,17 +116,15 @@ printf '%s\n' "${myconf[@]}" |sed '1d; $d' > /root/.my.cnf && chmod 400 /root/.m
 #
 sed -i '/#log_error = \/var\/log\/mysql\/error.log/ s/^.//' $mariaconfig
 #
-# Install Expect and run mysql_secure_installation
+# MySql apply hardening
 #
-apt install -y expect
-printf '%s\n' "${postinstall[@]}" |sed '1d; $d' > postinstall
-source postinstall
+mysql < postinstall.sql
 systemctl restart mariadb
 #
-# Display output of mysql_secure_installation and clean up 
+# Clean up and display output
 #
-clear ; cat secureresult |sed '1d; $d' ; printf "\n" ; line '-' ; printf "All Done...\n" ; line '-' ; printf "\n"
-rm customconf postinstall secureresult
+rm customconf postinstall.sql
+clear ; printf "\n" ; line ; printf "All Done...\n" ; line ; printf "\n"
 #
 # End of script
 #