fix issues for EL7 + simplify account security

* EL7 uses mariadb & systemd -> adjust setpasswd script to that * move the security ensurance to the setpassword script, as it's easier to ensure that there
author: mh <mh@immerda.ch> 2015-01-24 18:05:08 +0100
committer: mh <mh@immerda.ch> 2015-01-24 18:05:08 +0100
commit: e1649647f326abeb256a73e4cb1060840f846f24 (patch)
tree: 28ce305f242f98022d5c87280979230129854eec /files
parent: fd71b9473fcb4c4e9f839bd9e579e899d424b71f (diff)
4 files changed, 58 insertions, 5 deletions
diff --git a/files/scripts/CentOS/setmysqlpass.sh b/files/scripts/CentOS/setmysqlpass.sh
index 8b468e1..b84aa7a 100644
--- a/files/scripts/CentOS/setmysqlpass.sh
+++ b/files/scripts/CentOS/setmysqlpass.sh
@@ -6,20 +6,20 @@ rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 
 /usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
 
-/sbin/service mysqld stop
+/usr/bin/systemctl stop mariadb
 
-/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin &
+/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin --pid-file=/var/run/mariadb/mariadb.pid &
 sleep 5
 mysql -u root mysql <<EOF
 UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='localhost';
+DELETE FROM mysql.user WHERE (User='root' AND Host!='localhost') OR USER='';
 FLUSH PRIVILEGES;
 EOF
-killall mysqld
+kill `cat /var/run/mariadb/mariadb.pid`
 sleep 15
 # chown to be on the safe side
 ls -al /var/lib/mysql/mysql-bin.* &> /dev/null
 [ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.*
 chown -R mysql.mysql /var/lib/mysql/data/
 
-/sbin/service mysqld start
-
+/usr/bin/systemctl start mariadb
diff --git a/files/scripts/CentOS/setmysqlpass.sh.5 b/files/scripts/CentOS/setmysqlpass.sh.5
new file mode 100644
index 0000000..abd0931
--- /dev/null
+++ b/files/scripts/CentOS/setmysqlpass.sh.5
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+test -f /root/.my.cnf || exit 1
+
+rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
+
+/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+
+/sbin/service mysqld stop
+
+/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin &
+sleep 5
+mysql -u root mysql <<EOF
+UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='localhost';
+DELETE FROM mysql.user WHERE (User='root' AND Host!='localhost') OR USER='';
+FLUSH PRIVILEGES;
+EOF
+killall mysqld
+sleep 15
+# chown to be on the safe side
+ls -al /var/lib/mysql/mysql-bin.* &> /dev/null
+[ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.*
+chown -R mysql.mysql /var/lib/mysql/data/
+
+/sbin/service mysqld start
+
diff --git a/files/scripts/CentOS/setmysqlpass.sh.6 b/files/scripts/CentOS/setmysqlpass.sh.6
new file mode 100644
index 0000000..abd0931
--- /dev/null
+++ b/files/scripts/CentOS/setmysqlpass.sh.6
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+test -f /root/.my.cnf || exit 1
+
+rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
+
+/usr/bin/mysqladmin -uroot --password="${rootpw}" status > /dev/null && echo "Nothing to do as the password already works" && exit 0
+
+/sbin/service mysqld stop
+
+/usr/libexec/mysqld --skip-grant-tables --user=root --datadir=/var/lib/mysql/data --log-bin=/var/lib/mysql/mysql-bin &
+sleep 5
+mysql -u root mysql <<EOF
+UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='localhost';
+DELETE FROM mysql.user WHERE (User='root' AND Host!='localhost') OR USER='';
+FLUSH PRIVILEGES;
+EOF
+killall mysqld
+sleep 15
+# chown to be on the safe side
+ls -al /var/lib/mysql/mysql-bin.* &> /dev/null
+[ $? == 0 ] && chown mysql.mysql /var/lib/mysql/mysql-bin.*
+chown -R mysql.mysql /var/lib/mysql/data/
+
+/sbin/service mysqld start
+
diff --git a/files/scripts/Debian/setmysqlpass.sh b/files/scripts/Debian/setmysqlpass.sh
index ec2c971..3a3e336 100644
--- a/files/scripts/Debian/setmysqlpass.sh
+++ b/files/scripts/Debian/setmysqlpass.sh
@@ -12,6 +12,7 @@ rootpw=$(grep password /root/.my.cnf | sed -e 's/^[^=]*= *\(.*\) */\1/')
 sleep 5
 mysql -u root mysql <<EOF
 UPDATE mysql.user SET Password=PASSWORD('$rootpw') WHERE User='root' AND Host='localhost';
+DELETE FROM mysql.user WHERE (User='root' AND Host!='localhost') OR USER='';
 FLUSH PRIVILEGES;
 EOF
 killall mysqld
author	mh <mh@immerda.ch>	2015-01-24 18:05:08 +0100
committer	mh <mh@immerda.ch>	2015-01-24 18:05:08 +0100
commit	e1649647f326abeb256a73e4cb1060840f846f24 (patch)
tree	28ce305f242f98022d5c87280979230129854eec /files
parent	fd71b9473fcb4c4e9f839bd9e579e899d424b71f (diff)