Virtualmin installation file doesn't secure MySQL/MariaDB databases

Currently, the Virtualmin installation file leaves securing MySQL/MariaDB to the end users, automatically setting them up with test databases, an anonymous user and no root password. Unfortunately, not everybody removes those test databases, deletes the anonymous user and sets up the root password. In fact, most users have the impression that Virtualmin is secure and start using their system right after running the Virtualmin installation file as is, which in fact represents a huge security issue.

You can read about securing the initial MySQL accounts on http://dba.stackexchange.com/questions/13361/mysql-why-are-there-test-en..., which in turn references https://dev.mysql.com/doc/mysql-security-excerpt/5.1/en/default-privileg...

I'd like to quote the most important part of why the Virtualmin setup file needs to run mysql_secure_installation:

On Unix, MySQL comes with a mysql_secure_installation script that can perform several helpful security-related operations on your installation. The script has the following capabilities:

Set a password for the root accounts
Remove any remotely accessible root accounts.
Remove the anonymous user accounts. This improves security because it prevents the possibility of anyone connecting to the MySQL server as root from a remote host. The result is that anyone who wants to connect as root must first be able to log in on the server host, which provides an additional barrier against attack.
Remove the test database (If you remove the anonymous accounts, you might also want to remove the test database to which they have access).

So please make the Virtualmin installation file take care of this important step to secure the database and thus save lots of Virtualmin users from security breaches.

Status: 
Active

Comments

Wait, how would the existence of the anonymous user allow someone to login as root?

Regarding the root password, after installing Virtualmin the initial wizard should prompt you to set it.

I never said that the existence of the anonymous user allows someone to log in as root. I said that by default there is an anonymous user with access to a test database. I believe it wouldn't hurt if they were all deleted during the installation of Virtualmin.

The root password is a completely separate issue, but still, why not set the database root password while setting up Virtualmin?

I don't think changing a root password during the install process automatically is the right thing to do - it may break other things on the system. That's why we prompt to change it post-install.

Fair enough. You may consider this one closed. But if you can, then, leaving the root password alone, please consider at least removing the test databases and the anonymous user.

I'll work on adding an option to remove the anonymous user and test DB.

The next release (5.05) will offer to remove the test DB and anonymous user in the post-install wizard.

Status: Active » Fixed
Status: Closed (fixed) » Active

This one was a good fix, but unfortunately there is still a related issue: after the fix the following database permissions are still left:

Database  User       Hosts  Permissions
test      Anonymous  Any    Select table data | Insert table data | Update table data | Delete table data | Create tables | Drop tables | Reference operations | Manage indexes | Alter tables | Create temp tables | Lock tables | Create View | Show View | Create Routine | Create Event | Create Trigger
test_%    Anonymous  Any    Select table data | Insert table data | Update table data | Delete table data | Create tables | Drop tables | Reference operations | Manage indexes | Alter tables | Create temp tables | Lock tables | Create View | Show View | Create Routine | Create Event | Create Trigger

This would be a wonderful and complete fix if those two database permissions were also dropped during Virtualmin setup.

Ok, I'll do that in the next release
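As an added illustration (not part of this report, of the MySQL documentation quoted above, or of Virtualmin's installer), the SQL below first lists what a stock installation leaves behind, then applies the same statements mysql_secure_installation issues, including removal of the two leftover mysql.db rows for test and test_% described in the last comment. It assumes MySQL 5.x or MariaDB before 10.4, where mysql.user is a real grant table, and a single-host setup in which root should only connect locally.

```sql
-- Run as the MySQL root user. Part 1: audit what the stock install left behind.

-- Anonymous accounts: any row in mysql.user with an empty User column.
SELECT User, Host FROM mysql.user WHERE User = '';

-- Root accounts reachable from hosts other than the server itself
-- (the allowed host list is an assumption of a single-host setup).
SELECT User, Host FROM mysql.user
 WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- The two leftover privilege rows from the report: the grants on "test" and
-- on the pattern "test\_%" survive dropping the test database, because they
-- live in the mysql.db grant table, not in the database itself. The stored
-- value contains a literal backslash, so compare against 'test\_%' as written.
SELECT Host, Db, User FROM mysql.db WHERE Db = 'test' OR Db = 'test\_%';

-- Part 2: remediation, mirroring what mysql_secure_installation does.

-- Drop anonymous accounts. (On MariaDB 10.4+ mysql.user is a view; there,
-- use DROP USER ''@'<host>' for each row the first SELECT returned instead.)
DELETE FROM mysql.user WHERE User = '';

-- Drop remotely accessible root accounts.
DELETE FROM mysql.user
 WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- Drop the test database and the wildcard grants that pointed at it.
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\_%';

-- Reload the grant tables so the in-memory privilege cache matches.
FLUSH PRIVILEGES;

-- Re-run the three SELECTs from Part 1; each should now return an empty set.
```

Setting the root password itself is deliberately left out, matching the maintainer's point above that it is handled by the post-install wizard.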