4.4.2 mysql_secure_installation — Improve MySQL Installation Security

This program enables you to improve the security of your MySQL installation in the following ways:

mysql_secure_installation helps you implement security recommendations similar to those described at Section 2.10.4, “Securing the Initial MySQL Account”.

Normal usage is to connect to the local MySQL server; invoke mysql_secure_installation without arguments:

mysql_secure_installation

When executed, mysql_secure_installation prompts you to determine which actions to perform.

The validate_password component can be used for password strength checking. If the plugin is not installed, mysql_secure_installation prompts the user whether to install it. Any passwords entered later are checked using the plugin if it is enabled.

Most of the usual MySQL client options such as --host and --port can be used on the command line and in option files. For example, to connect to the local server over IPv6 using port 3307, use this command:

mysql_secure_installation --host=::1 --port=3307

mysql_secure_installation supports the following options, which can be specified on the command line or in the [mysql_secure_installation] and [client] groups of an option file. For information about option files used by MySQL programs, see Section 4.2.2.2, “Using Option Files”.

Table 4.8 mysql_secure_installation Options

| Option Name | Description | Introduced |
|---|---|---|
| --defaults-extra-file | Read named option file in addition to usual option files | |
| --defaults-file | Read only named option file | |
| --defaults-group-suffix | Option group suffix value | |
| --help | Display help message and exit | |
| --host | Host on which MySQL server is located | |
| --no-defaults | Read no option files | |
| --password | Accepted but always ignored. Whenever mysql_secure_installation is invoked, the user is prompted for a password, regardless | |
| --port | TCP/IP port number for connection | |
| --print-defaults | Print default options | |
| --protocol | Transport protocol to use | |
| --socket | Unix socket file or Windows named pipe to use | |
| --ssl-ca | File that contains list of trusted SSL Certificate Authorities | |
| --ssl-capath | Directory that contains trusted SSL Certificate Authority certificate files | |
| --ssl-cert | File that contains X.509 certificate | |
| --ssl-cipher | Permissible ciphers for connection encryption | |
| --ssl-crl | File that contains certificate revocation lists | |
| --ssl-crlpath | Directory that contains certificate revocation-list files | |
| --ssl-fips-mode | Whether to enable FIPS mode on client side | |
| --ssl-key | File that contains X.509 key | |
| --tls-ciphersuites | Permissible TLSv1.3 ciphersuites for encrypted connections | 8.0.16 |
| --tls-version | Permissible TLS protocols for encrypted connections | |
| --use-default | Execute with no user interactivity | |
| --user | MySQL user name to use when connecting to server | |
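
The option-file lookup described above, as an added example that is not part of the MySQL manual: a Python sketch that merges the [client] and [mysql_secure_installation] groups (plus the suffixed groups that --defaults-group-suffix adds) and flags a stored password, which Table 4.8 says is always ignored. The sample file contents, the helper name effective_options, and the rule that a later group overrides an earlier one are assumptions.

```python
import configparser

BASE_GROUPS = ("client", "mysql_secure_installation")  # groups named on this page

# Constructed sample option file; paths and values are placeholders.
SAMPLE = """\
[client]
host = 127.0.0.1
port = 3306
password = example-only

[mysqld]
port = 3306

[mysql_secure_installation]
host = ::1
port = 3307
ssl_ca = /path/to/ca.pem

[mysql_secure_installation_staging]
port = 3308
"""

def effective_options(text, group_suffix=""):
    """Hypothetical helper: return (options, notes) for the groups the tool reads."""
    parser = configparser.ConfigParser(
        allow_no_value=True,   # bare flags such as "use-default"
        strict=False,          # tolerate a group that appears twice
        interpolation=None,    # keep "%" in values literal
        delimiters=("=",),     # so "::1" is not split on ":"
    )
    parser.read_string(text)
    wanted = set(BASE_GROUPS)
    if group_suffix:           # --defaults-group-suffix adds suffixed groups
        wanted |= {g + group_suffix for g in BASE_GROUPS}
    options, notes = {}, []
    for group in parser.sections():      # assumption: later groups override earlier
        if group not in wanted:
            continue
        for name, value in parser.items(group):
            name = name.replace("_", "-")   # ssl_ca and ssl-ca are the same option
            if name == "password":
                notes.append(f"[{group}] password is ignored; the tool prompts anyway")
                continue
            options[name] = value
    return options, notes

if __name__ == "__main__":
    opts, notes = effective_options(SAMPLE)
    print(opts, notes, sep="\n")
```

The sketch does not follow !include or !includedir directives, so run it on each option file separately.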