The securemysql Script

Last modified: May 13, 2020

Overview

The /usr/local/cpanel/scripts/securemysql script secures a cPanel accounts MySQL® configuration. To do this, the script performs the following actions:

• Confirms that MySQLs root password exists.

• Changes the var/db/mysql and var/lib/mysql directories ownership to the mysql user.

• Removes the anonymous and remote root users.

• Removes the test database.

• Removes the databases LOCK TABLES and TMP TABLES privileges.

To undo any changes that this script performs, create the /etc/securemysqldisable touch file.

Run the script

To use this script, run the following command as the root user:

/usr/local/cpanel/scripts/securemysql [arguments] [actions]

Arguments

The /usr/local/cpanel/scripts/securemysql script accepts the following arguments:

• -a  Specify additional actions in a comma-separated list. For example:

  -a removeanon, removeremoteroot

  Note:

  To perform all actions on a MySQL database, pass the -a argument without any additional actions.

  For a list of additional actions, view the Actions section below.

   

• -F  Execute the script and do not display the help text.

• -h  Display the help message.

• -q  Execute the script in silent mode.

Actions

You can specify any of the following options in a comma-separated list with the -a argument:

• removeanon Remove any anonymous MySQL users.

• removetestdb  Remove test database.

• removelockntmp  Remove global LOCK TABLES permissions and create TMP TABLES privileges.

• removeremoteroot  Remove remote root user login privileges.

• removehordeallhosts  Remove insecure Horde login credentials and privileges.

  Note:

  As of cPanel & WHM version 11.50, cPanel & WHM uses SQLite databases to store MySQL user data instead of Horde databases.

   

• removehordeblankpass  Remove Horde database users that possess blank login passwords.

  Note:

  As of cPanel & WHM version 11.50, cPanel & WHM uses SQLite databases to store MySQL user data instead of Horde databases.