MySQL Secure Installation

[ec2-user@ip-10-0-0-18 /]$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[ec2-user@ip-10-0-0-18 /]$


🔐 Each step of mysql_secure_installation, explained with comments

[ec2-user@ip-10-0-0-18 /]$ sudo mysql_secure_installation

👉 Run the script that puts MariaDB into a secure configuration.


NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

👉 A notice saying **"In production, you should run all of it."**


In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

👉 The root password is needed to make the changes that follow.
👉 Right after installation there is no password yet, so just press Enter.


Enter current password for root (enter for none):
OK, successfully used password, moving on...

👉 Enter the current root password → authentication succeeded, so the script continues.


Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

👉 An explanation that, to use root safely, you need to use one of the following:

  • a root password
    or
  • unix_socket authentication

You already have your root account protected, so you can safely answer 'n'.

👉 root is already protected, so answering n (No) here is fine.


Switch to unix_socket authentication [Y/n] n
 ... skipping.

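👉 Do not switch to unix_socket authentication (n).
👉 (Many Linux distributions may recommend unix_socket, but when combining MariaDB with WordPress the password method is easier to understand.)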


Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

👉 Set a new root password: chisa00
👉 Reload the privilege tables to apply it.


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.

👉 Right after installation MariaDB has an **"anonymous user"**, a dangerous state in which anyone can log in.


Remove anonymous users? [Y/n] Y
 ... Success!

👉 Remove the anonymous users → a very important security measure.


Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

👉 It is safest to allow root to connect only from the local host.
👉 This prevents the risk of root being targeted from outside.


Disallow root login remotely? [Y/n] Y
 ... Success!

👉 Disallow remote login for root.
👉 An important point for strengthening security.


By default, MariaDB comes with a database named 'test' that anyone can
access.

👉 In the initial state, a test database that anyone can use is created.


Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

👉 Drop the test database and remove the access privileges to it.
👉 Removal is recommended in order to close an unnecessary hole.


Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

👉 A reload so that the settings made so far take effect immediately.


Reload privilege tables now? [Y/n] Y
 ... Success!

👉 Reload the privilege tables → the security settings are now in effect.


Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

👉 All done!
👉 MariaDB has been improved to a secure configuration.


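✔ Summary (key points of the exercise)

  • Set the root password
  • Remove anonymous users
  • Disallow remote connections for root
  • Remove the test database
  • Apply the settings (privileges reload)

When running a web service such as WordPress, this is a required task
as the initial security setup for MariaDB.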
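
To confirm that the steps summarized above actually took effect, the account list and database list can be checked after the script finishes. The following is an added example, not part of the original post or of MariaDB itself: the function names and the sample rows are constructed, and it assumes the tab-separated output format of the `mysql -N -B` queries named in the comments.

```shell
#!/bin/sh
# Added example: check the state mysql_secure_installation should leave behind.
# Input (assumption): tab-separated rows as printed by
#   sudo mysql -N -B -e "SELECT User, Host FROM mysql.user"   (audit_accounts)
#   sudo mysql -N -B -e "SHOW DATABASES"                      (audit_databases)

# Flag anonymous accounts and root accounts defined for non-local hosts.
audit_accounts() {
  awk -F'\t' '
    $1 == "" { print "FAIL anonymous user @" $2; bad = 1; next }
    $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
      print "FAIL remote root @" $2; bad = 1
    }
    END { if (!bad) print "OK accounts"; exit bad }
  '
}

# Flag a leftover "test" database.
audit_databases() {
  awk '
    $0 == "test" { print "FAIL test database present"; bad = 1 }
    END { if (!bad) print "OK databases"; exit bad }
  '
}

# Constructed sample rows: a server before hardening ...
BEFORE_USERS=$(printf '%s\t%s\n' root localhost root '%' '' localhost '' '%')
BEFORE_DBS=$(printf '%s\n' information_schema mysql performance_schema test)
# ... and after answering Y to every removal prompt.
AFTER_USERS=$(printf '%s\t%s\n' root localhost mariadb.sys localhost)
AFTER_DBS=$(printf '%s\n' information_schema mysql performance_schema)

echo "== before =="
printf '%s\n' "$BEFORE_USERS" | audit_accounts || true
printf '%s\n' "$BEFORE_DBS" | audit_databases || true
echo "== after =="
printf '%s\n' "$AFTER_USERS" | audit_accounts || true
printf '%s\n' "$AFTER_DBS" | audit_databases || true
```

Both functions exit non-zero when a finding is reported, so they can gate a provisioning script.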
