Installing MySQL
1.Install the necessary packages.
|
1 2 |
# apt update # apt install mysql-server |
2.Configure security settings for MySQL server.
There is a tool called mysql_secure_installtion that can be used to configure security-related settings for the MySQL server.
When you run it, it will ask you a series of questions to help you configure some security settings.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
# mysql_secure_installation You will be asked if you want to use a plugin for password validation, as shown below. Password validation means that you can check the password strength of users for MySQL and restrict them to accept only passwords that are secure enough. For example, it should be at least a few characters long and always contain at least one symbol and one number. You can set this condition in the following question. Type y if you like and press Enter Securing the MySQL server deployment. Connecting to MySQL using a blank password. VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin? Press y|Y for Yes, any other key for No:y If you chose "y" for the above question, you will then be asked for the password validation level.LOW、MEDIUM、STRONGの3つのレベルがあり、 In this case, we will select MEDIUM, so enter 1 and press Enter. There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:1 The contents of each level are as follows. LOW Minimum 8 words or more上 MEDIUM At least 8 characters, always including numbers, uppercase and lowercase letters, and special symbols STRONG Must be at least 8 characters long and contain numbers, uppercase and lowercase letters, and special symbols, with a restriction that strings of 4 or more characters must not match words in the dictionary file. Then, enter the password twice that actually satisfies the level. This is the password for the root user. Please set the password for root here. New password:<password> Re-enter new password:<password> When you enter a password twice, a score from 0 to 100 will be assigned to the password you entered, and you will be asked to confirm that it is correct. The higher the security level, the higher the score If it's OK, type y and press Enter Estimated strength of the password: 50 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :y Please note that the password you set when you create a user for MySQL in the future must meet the security level you set here. You will then be asked if you want to remove the anonymous test user that MySQL sets by default. If you are sure, type y and press Enter. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) :y You will be asked to confirm that you want to prohibit remote root login. In this case, type y and press Enter. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) :y Confirm that you want to delete the "test" database, which is usually created by default by MySQL and is accessible to any user. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) :y Confirm that you want to reload to reflect the settings you have made so far. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) :y At the end, the contents of the settings you have made up to this point will be displayed, and if the message "All done! (...Abbreviation....) - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y Success. All done! |
3.Change the configuration so that you can login to MySQL with a password.
I set a password with the above settings, but it will not be used in this way
In MySQL 5.7 and later, the MySQL root user is not allowed to login with a password by default.
Instead of a password, you need to log in with your system's root user (in this case, Ubuntu's root user since the OS is Ubuntu) information.
In other words, you can also login to MySQL as the root user of MySQL with sudo.
This is because MySQL 5.7 or later uses a plugin called auth_socket.
If you want to set a password for the MySQL root user and log in to MySQL with that password as before, you need to change to use the mysql_native_password plugin instead of auth_socket.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
# mysql mysql> SELECT user,authentication_string,plugin,host FROM mysql.user; You can see that the "plugin" part of the root user is set to auth_socket as shown below | user | authentication_string | plugin | host |+------------------ +--------------------------------------- ----+----------------------- +-----------+| root | | auth_socket | localhost || mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost || mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost || debian-sys-maint | *5F6EC674A843A2EDC44C4B6BCBD832ADC88AF8BB | mysql_native_password | localhost | +------------------+---------------------------------------- ---+-----------------------+---------+ If you want to change this to the traditional password authentication, execute the following command. For "yourpassword", enter the actual password you want to use. mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<yourpassword>'; Reflect. mysql> FLUSH PRIVILEGES; mysql> exit; |
|
1 2 |
# mysql -u root -p password : <yourpassword> |