mysql_secure_installation

Start an interactive setup

$ mysql_secure_installation

$ mysql_secure_installation --host [host] --port [port]

$ mysql_secure_installation --help

mysql_secure_installation

No direct command-line options
    The mysql_secure_installation script is interactive. It does not accept command-line parameters or arguments in the traditional sense. Instead, it prompts the user for input during its execution to configure security settings.

The mysql_secure_installation command is a crucial script designed to enhance the security of your newly installed MySQL or MariaDB database server. It guides you through a series of interactive prompts, allowing you to configure essential security measures that prevent common vulnerabilities. Typically, after installing a fresh database server, this command is the first step to harden its security posture.

The script's prompts generally include:
1. Setting a strong root password: Crucial for administrative access.
2. Removing anonymous users: These users have limited privileges but can be a security risk.
3. Disallowing remote root login: Prevents the superuser from connecting from external machines, reducing the attack surface.
4. Removing the 'test' database and access to it: The 'test' database is often included by default for development and testing, but it's unnecessary and potentially insecure in a production environment.
5. Reloading privilege tables: Applies the changes made during the session immediately.

Running this command is highly recommended for all new database installations to establish a baseline of security practices.

mysql_secure_installation requires root privileges or sudo to execute, as it modifies system-level database configurations. It must be run directly on the database server machine. Users should carefully review each prompt and understand its implications before confirming, as these changes directly impact the security and accessibility of the database. This script only secures the MySQL/MariaDB server itself and does not configure security for client applications, web interfaces (like phpMyAdmin), or the operating system.

During its execution, mysql_secure_installation guides you through several key security questions:
1. Validate Password Component: Option to install a plugin for password strength checking.
2. Change the root password?: Sets a new password for the 'root' user.
3. Remove anonymous users?: Eliminates default anonymous user accounts.
4. Disallow root login remotely?: Prevents the 'root' user from connecting from any host other than 'localhost'.
5. Remove test database and access to it?: Deletes the 'test' database and associated privileges.
6. Reload privilege tables now?: Applies all the changes made during the session.

Ensure the MySQL or MariaDB server is running before executing mysql_secure_installation. You will need to know the current 'root' password (which might be empty or temporarily set on a fresh installation) to proceed.

The mysql_secure_installation utility has been an integral part of MySQL and MariaDB distributions for many years. It was introduced to provide a standardized, user-friendly, and interactive way to apply initial security hardening steps immediately after a fresh database server installation. Its core functionality and interactive prompts have remained largely consistent across versions, making it a reliable tool for basic database security.

mysql(1): The MySQL command-line client for interacting with the database., mysqld(8): The MySQL server daemon, the main database process., mysqladmin(1): A client for performing administrative operations on the MySQL server., mariadb-install-db(1): (MariaDB specific) A script used to initialize the MariaDB data directory.