This module installs or updates the mysql package via the system package manager and runs several securing actions. Essentially this module rewrites the, already in the mysql-server package included, "mysql_secure_installation" script for puppet automation. The hardening and install/update modules are seperate and can be included or excluded at will.
* Debian 8 and later (tested, should work with older versions, too)
* Ubuntu 14 and later (tested, should work with older versions, too)
-
[*change_mysql_pw*]
- change the password for the mysql root user. Options:true
,false
-
[*mysql_root_pw*]
- Password for the mysql root user. If you install mysql through this script the root password will be blank. Options:String
; default: blank -
[*new_mysql_root_pw*]
- the new password for the mysql root user. Options:String
-
[*remove_anonymous_user*]
- the MySql default settings allow anonymous users (black user name) to connect to the database, true will remove this behavior. Options:true
,false
-
[*deactivate_remote_host*]
- dissallow remote root login. Root login will only be possible from localhost. Options:true
,false
-
[*delete_demo_database*]
- This option removes the default test database, which every user can access. Options:true
,false
Since this module installs and changes system configuration files, it must be run with root privileges.
The following stept show you the process with terminal commands
* `puppet module build yourPath/toThe/module`
Once the module is built, puppet created a compressed file in /vm-nginx_hardening/pkg/mysql_hardening.-0.1.0tar.gz
.
* `puppet module install path/to/mysql_hardening.-0.1.0tar.gz`
* `class { 'mysql_hardening': }
class{ 'nginx_hardening': change_mysql_pw => true, }
If you don't want to update mysql-server, run the following command instead:
* `class { 'mysql_hardening::hardening': }`
- Steffen Hinderer
- Author:: Steffen Hinderer [email protected]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.