sudo mysql_secure_installation

How to Use mysql_secure_installation to Secure MySQL

After installing MySQL, run the following command to secure it:

sudo mysql_secure_installation

You'll be prompted with a series of questions. Here's a breakdown of each one and what it does:

Step-by-Step Prompts and Explanations

1. Enter current password for root (enter for none):

   • If you’re using MySQL 8.0+, a temporary password was generated during installation. Paste it here.

   • If you're reinstalling or upgrading and no password was set, just press Enter.

2. Set root password? [Y/n]:

   • Choose Y to set a new, strong root password.

   • This is essential to prevent unauthorized access.

3. Remove anonymous users? [Y/n]:

   • Choose Y.

   • This removes users who can log in without a username, reducing security risks.

4. Disallow root login remotely? [Y/n]:

   • Choose Y for best security (recommended for most setups).

   • This prevents the root user from logging in remotely over the network.

5. Remove the test database and access to it? [Y/n]:

   • Choose Y.

   • The test database is only for development and should not exist on a production system.

6. Reload privilege tables now? [Y/n]:

   • Choose Y to apply all changes made.

Example Output

Securing the MySQL server deployment.

Enter password for user root:
The existing password for the user account root has expired. Please set a new password.

New password:
Re-enter new password:
Estimated strength of the password: 100

Do you wish to continue with the password provided? [Y/n] Y
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y

All done!

Conclusion

Using mysql_secure_installation is a best practice for anyone deploying MySQL. It hardens your database against common threats by removing insecure default settings.