Linux practical small script series (2)-mysql secure initialization script without interactive execution-mysql_secure_installation
Usually after mysql is installed, there will be a script that enhances mysql security, and the initialization password can also be quickly realized through this script, but if you use your own script to install mysql (regardless of whether it is binary or compiled or yum installation), install After the completion, you need to manually execute the script - mysql_secure_installation, which is not very irritating. How to solve this problem? The expect script can help you implement the script without interaction, which is very apricot-like and fast.
Now it is assumed that mysql is installed. Now start writing expect scripts to quickly execute security scripts.
yum install -y expect #Install the expect script interpreter
The content of vim mysql_secure.sh is as follows: (what password is required to be written after the set passwd line)
#!/usr/bin/expect
set passwd 要设定的密码
spawn mysql_secure_installation
expect {
"Enter current password" { send "\r"; exp_continue }
"Y/n" { send "Y\r"; exp_continue }
"New password" { send "$passwd\r"; exp_continue }
"Re-enter new password" { send "$passwd\r"; exp_continue }
"Remove anonymous users" { send "Y\r"; exp_continue }
"Disallow root login remotely" { send "Y\r"; exp_continue }
"Remove test database and access to it" { send "Y\r"; exp_continue }
"Reload privilege tables now" { send "YExecute script: expect script name, or ./script name. One more thing, usually one way of shell script execution is bash script name. Now you need to replace bash with expect. The method of ./script name is the same as that of shell script, which needs to be given execution permission, chmod +x script name.
In the above script, the password is hard-coded in the script. If you want to be more flexible, such as passing parameters to improve security, you can execute the script with parameters, with only a small change.
#!/usr/bin/expect
set passwd [lindex $argv 0]
spawn mysql_secure_installation
expect {
"Enter current password" { send "\r"; exp_continue }
"Y/n" { send "Y\r"; exp_continue }
"New password" { send "$passwd\r"; exp_continue }
"Re-enter new password" { send "$passwd\r"; exp_continue }
"Remove anonymous users" { send "Y\r"; exp_continue }
"Disallow root login remotely" { send "Y\r"; exp_continue }
"Remove test database and access to it" { send "Y\r"; exp_continue }
"Reload privilege tables now" { send "Y\r" }
}
When executing the script, just take one parameter, which is the password.
For example, expect script name parameter 1, then the value of parameter 1 is the password, which can be verified by logging in to mysql.