The MySQL database package comes with an automated secure installation script called “mysql_secure_installation”. It’s advised to run this script soon after the installation of MySQL database, especially on a production machine. The obvious reason is, it improves security of the database.
By default MySQL,
- allows anonymous user logins
- ‘root’ user is not secured with a password
- ‘root’ user is allowed to connect from a remote machine
- during the installation, ‘test’ database is created with an access granted to every user.
Advantages of running ‘mysql_secure_installation’ script:
- Allows you to remove anonymous user logins
- Allows you to set a secure password for the ‘root’ user.
- Restricts ‘root’ user from connecting remotely
- Removes ‘test’ database created during the installation, as it does nothing in the production environment.
Execute ‘mysql_secure_installation’ after MySQL Installation
It’s simple and fast. All you need to do is, just run the command, read the steps carefully and hit enter!
Enter current password for root (enter for none): Set root password? [Y/n] New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success!
Remove anonymous users? [Y/n] Y ... Success!
Disallow root login remotely? [Y/n] Y ... Success!
Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success!
Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success!
That’s it! You have taken a first step towards securing MySQL installation. Happy DBing!