Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 66

Overview

The /usr/local/cpanel/scripts/securemysql script secures a cPanel account's MySQL® configuration. To do this, the script performs the following actions:

  • Confirms that MySQL's root password exists.

  • Changes the var/db/mysql and var/lib/mysql directories' ownership to the mysql user.

  • Removes the anonymous and remote root users.
  • Removes the test database.
  • Removes the database's LOCK TABLES and TMP TABLES privileges.

To undo any changes that this script performs, create the /etc/securemysqldisable touch file.

The /usr/local/cpanel/scripts/securemysql script

To use this script, run the following command as the root user:

/usr/local/cpanel/scripts/securemysql [arguments] [actions]

Arguments

The /usr/local/cpanel/scripts/securemysql script accepts the following arguments:

ArgumentDescription
-a

Specify additional actions in a comma-separated list. For example:

-a removeanon, removeremoteroot

Note:

To perform all actions on a MySQL database, pass the -a argument without any additional actions.

For a list of additional actions, view the Options section below.

-F

Execute the script and do not display the help text.

-h

Display the help message.

-q

Execute the script in silent mode.

Actions

You can specify any of the following options in a comma-separated list with the -a argument. 

ActionDescription
removeanonRemove any anonymous MySQL users.
removetestdbRemove test database.
removelockntmpRemove global LOCK TABLES permissions and create TMP TABLES privileges.
removeremoterootRemove remote root user login privileges.
removehordeallhosts

Remove insecure Horde login credentials and privileges.

Note:

As of cPanel & WHM version 11.50, cPanel & WHM uses SQLite databases to store MySQL user data instead of Horde databases.

removehordeblankpass

Remove Horde database users that possess blank login passwords.

Note:

As of cPanel & WHM version 11.50, cPanel & WHM uses SQLite databases to store MySQL user data instead of Horde databases.


Additional documentation