Child pages
  • The securemysql Script

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Page
LIB:_Version
LIB:_Version

Table of Contents
stylenone

Overview

The /usr/local/cpanel/scripts/securemysql script secures a cPanel account's MySQL® configuration. To do this, the script performs the following actions:

  • Confirms that MySQL's root password exists.

  • Changes the var/db/mysql and var/lib/mysql directories' ownership to the mysql user.

  • Removes the anonymous and remote root users.
  • Removes the test database.
  • Removes the database's LOCK TABLES and TMP TABLES privileges.

To undo any changes that this script performs, create the /etc/securemysqldisable touch file.

The /usr/local/cpanel/scripts/securemysql script

To use this script, run the following command as the root user:

Code Block
languagebash
/usr/local/cpanel/scripts/securemysql [arguments] [actions]

Arguments

The /usr/local/cpanel/scripts/securemysql script accepts the following arguments:

ArgumentDescription
-a

Specify additional actions in a comma-separated list. For example:

Code Block
languagetext
-a removeanon, removeremoteroot


Note
titleNote:

To perform all actions on a MySQL database, pass the -a argument without any additional actions.

For a list of additional actions, view the Options section below.


-F

Execute the script and do not display the help text.

-h

Display the help message.

-q

Execute the script in silent mode.

Actions

You can specify any of the following options in a comma-separated list with the -a argument. 

ActionDescription
removeanonRemove any anonymous MySQL users.
removetestdbRemove test database.
removelockntmpRemove global LOCK TABLES permissions and create TMP TABLES privileges.
removeremoterootRemove remote root user login privileges.
removehordeallhosts

Remove insecure Horde login credentials and privileges.

Note
titleNote:

As of cPanel & WHM version 11.50, cPanel & WHM uses SQLite databases to store MySQL user data instead of Horde databases.


removehordeblankpass

Remove Horde database users that possess blank login passwords.

Note
titleNote:

As of cPanel & WHM version 11.50, cPanel & WHM uses SQLite databases to store MySQL user data instead of Horde databases.



Additional documentation

Localtab Group


Localtab
activetrue
titleSuggested documentation

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "mysql" and label = "whm" and space = currentSpace()


Localtab
titleFor cPanel users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "mysql" and label = "cpanel" and space = currentSpace()


Localtab
titleFor WHM users

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "mysql" and label = "whm" and space in (currentSpace(),"CKB")


Localtab
titleFor developers

Content by Label
showLabelsfalse
max5
showSpacefalse
cqllabel = "mysql" and space = "DD"