我正在尝试使用自动响应自动化mysql_secure_installation脚本。我的代码如下:
echo "& y y abc abc y y y y" | ./usr/bin/mysql_secure_installation
我自动化的实际问题如下:
Enter current password for root (enter for none): <enter>
Set root password? [Y/n] y
New password: abc
Re-enter new password: abc
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
但是它给了我一个错误“抱歉你不能在这里使用空密码”但是在屏幕上我曾经按回车键来解决第一个问题。
答案 0 :(得分:69)
我偶然发现了这个问题,但决定通过Bash脚本手动运行查询:
#!/bin/bash
# Make sure that NOBODY can access the server without a password
mysql -e "UPDATE mysql.user SET Password = PASSWORD('CHANGEME') WHERE User = 'root'"
# Kill the anonymous users
mysql -e "DROP USER ''@'localhost'"
# Because our hostname varies we'll use some Bash magic here.
mysql -e "DROP USER ''@'$(hostname)'"
# Kill off the demo database
mysql -e "DROP DATABASE test"
# Make our changes take effect
mysql -e "FLUSH PRIVILEGES"
# Any subsequent tries to run queries this way will get access denied because lack of usr/pwd param
答案 1 :(得分:43)
由于mysql_secure_installation只是一个Bash脚本,只需查看raw source code as shown here即可。查找读取的行do_query(请注意我在do_query之后放置的额外空间;需要查找与函数相关的查询)然后您可以找到这些命令。
UPDATE mysql.user SET Password=PASSWORD('root') WHERE User='root';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
请注意,对于此示例,我将密码设置为root,但您可以随意更改密码以符合您的设置需求。无论如何,只需要一堆MySQL命令并将其保存在名为mysql_secure_installation.sql的文件中。
完成后,只需通过脚本运行以下命令来保护MySQL安装:
mysql -sfu root < "mysql_secure_installation.sql"
s沉默错误,f强制命令继续,即使有一个窒息。 u与紧随其后的用户名相关,在这种情况下,显然是root。
在没有密码的情况下在最初安装MySQL的部署脚本中运行它,并且您可以将其锁定而无需任何键盘交互。
PS:这个脚本放在一起,以确保在Ubuntu 14.04上安装MySQL,该安装与export DEBIAN_FRONTEND=noninteractive集一起安装,实际安装命令设置为sudo -E aptitude install -y --assume-yes -q mysql-server mysql-client。这样做会在没有密码的情况下在Ubuntu上干净地安装MySQL;这对于部署脚本很有用。在安装发生后,这个mysql -sfu root < "mysql_secure_installation.sql"只会在几秒钟内锁定它。
答案 2 :(得分:21)
您可以尝试使用expect。 请查看此automating mysql_secure_installation或我的modification。
答案 3 :(得分:16)
我刚刚在CentOS 6.7上执行了以下操作:
mysql_secure_installation <<EOF
y
secret
secret
y
y
y
y
EOF
答案 4 :(得分:1)
你可以试试这个:
echo -e "\ny\ny\nabc\nabc\ny\ny\ny\ny" | ./usr/bin/mysql_secure_installation
答案 5 :(得分:1)
sudo mysql -e "SET PASSWORD FOR root@localhost = PASSWORD('123');FLUSH PRIVILEGES;"
printf "123\n n\n n\n n\n y\n y\n y\n" | sudo mysql_secure_installation
输入root的当前密码(不输入密码)? (我为root设置了123)
切换到unix_socket身份验证? n
更改root密码? n
删除匿名用户? n
禁止远程root登录? y
删除测试数据库并访问它? y
现在重新加载特权表? y
版本: 使用readline 5.1 for osx10.14(x86_64)的mysql Ver 15.1 Distrib 10.4.6-MariaDB
答案 6 :(得分:0)
yum localinstall -y https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
yum install -y mysql-community-server
# start mysql service
service mysqld start
# get Temporary root Password
root_temp_pass=$(grep 'A temporary password' /var/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
echo "root_temp_pass:"$root_temp_pass
# mysql_secure_installation.sql
cat > mysql_secure_installation.sql << EOF
# Make sure that NOBODY can access the server without a password
UPDATE mysql.user SET Password=PASSWORD('yourrootpass') WHERE User='root';
# Kill the anonymous users
DELETE FROM mysql.user WHERE User='';
# disallow remote login for root
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
# Kill off the demo database
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
# Make our changes take effect
FLUSH PRIVILEGES;
EOF
mysql -uroot -p"$root_temp_pass" --connect-expired-password <mysql_secure_installation.sql
基于@JakeGould答案的全新mysql5.7安装自动化脚本。 在Centos 7.5.1804上正常工作。
答案 7 :(得分:0)
在安装MySql之后,我正在使用简单的命令来更改root密码,但是得到上述error (signal 9 kill)
(FATAL: Chef::Exceptions::ChildConvergeError: Chef run process terminated by signal 9 (KILL)) Though the command works and password is changed the error is confusing.
script "change password" do
interpreter "bash"
user "root"
cwd "/tmp"
code <<-EOH
#MYSQL
root_temp_pass=$(grep 'A temporary password' /mysql/log/mysqld.log |tail -1 |awk '{split($0,a,": "); print a[2]}')
#Login as root change password
mysql -uroot -p"$root_temp_pass" -Be "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Czt732ck#';" --connect-expired-password
EOH
end
答案 8 :(得分:0)
只需在Ubuntu Bionic 18.04LTS上进行测试
步骤1
export MYPWD="D33Ps3CR3T";
export NEWPWD="D33P3Rs3CR3T";
步骤2
# First time **ever**
sudo mysql_secure_installation 2>/dev/null <<MSI
n
y
${MYPWD}
${MYPWD}
y
y
y
y
MSI
# Did it work?
mysql -u root -p${MYPWD} -e "SELECT 1+1";
# -------
第3步
# Every subsequent time
sudo mysql_secure_installation 2>/dev/null <<MSI2
${MYPWD}
n
y
${NEWPWD}
${NEWPWD}
y
y
y
y
MSI2
# Just in case (optional) ....
sudo service mysql restart
# Did it work?
mysql -u root -p${NEWPWD} -e "SELECT 1+1";
在编辑了步骤1的前后密码之后,您应该能够将步骤2和#3直接粘贴到终端中。
sudo是强制性的。MSI没有特殊含义(避免碰撞;我在脚本的其他地方使用了EOF)2>/dev/null隐藏警告“ stty:'标准输入':设备的ioctl不适当” &>/dev/null用于完全静音模式。答案 9 :(得分:0)
我使用以下几行。适用于AWS Linux AMI 2018
db_root_password=Password4root
cat <<EOF | mysql_secure_installation
y
0
$db_root_password
$db_root_password
y
y
y
y
y
EOF
答案 10 :(得分:-3)
当您运行此命令时,将弹出一个窗口,它将引导您完成保护MySQL安装的过程。那就是它!