Noting some installation and setup for MySQL on Ubuntu Server. I would recomend the use of sudo for the commands or run them as root.
One thing to be wary about is Ubuntu Server is by default it doesn’t utilize the a password for root. So I would recommend setting it.
The command for installing the MySQL server package from the repos can be found below. This will also install most of the needed packages including the mysql client and other utilizities like mysqld_safe and mysql_secure_installation.
apt-get -y install mysql-server
After installing the mysql-server package on Ubuntu Server I will go through the steps in the mysql_secure_installation command.
mysql_secure_installation
The command will walk you through the completion of the setup. The options are listed below. This is entirely dependent on your setup. I’m just listing the options available to complete it.
- Resetting the root password.
- Setting the password complexity requirements.
- Asks you if you’d like to remove anonymous users.
- Removes remote root login access from other computers or remotely.
- Remove the test database and grants (permissions) to it.
- Reloads the privilege tables
Securing the MySQL server deployment.
Connecting to MySQL using a blank password.
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: y
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:
Please set the password for root here.
New password:
Re-enter new password:
Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y
Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.
All done!
If we need to move away from the default method for root login and we didn’t use mysql_secure_installation to update the password. Then we’ll need to configure this manually by logging in to the mysql client and configuring the account appropriately.
mysql -u root
The SQL query below will utilize ALTER to change the password to the root account that’s accessible from localhost. This can even be set to ‘%’ or even something like ‘10.100.10.51’ or any other IP address. Just make sure to actually set the root password to something specific to your needs in the quotes after the BY portion.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new-root-password';
Then we need to flush the privileges.
FLUSH PRIVILEGES;