How to Install MySQL and Secure it on Ubuntu

Summary:
Learn how to install and secure MySQL server.

MySQL is one of the most popular open-source relational database management systems. It is widely used for web applications, development environments, and production servers. This tutorial will guide you through the process of installing MySQL on Ubuntu and securing it for a production-ready setup.

Prerequisites

  • A system running Ubuntu 20.04, 22.04, or later
  • A user account with sudo privileges
  • Terminal or SSH access

Step 1: Update Your System

Before installing any package, it's good practice to update your local package index.

sudo apt update
sudo apt upgrade

Step 2: Install MySQL Server

Ubuntu provides MySQL through its default repositories. To install MySQL, run:

sudo apt install mysql-server

This will automatically install the server and all necessary dependencies.

Step 3: Check MySQL Service Status

Once installed, verify that the MySQL service is running:

sudo systemctl status mysql

You should see output indicating the service is active and running. If it’s not, start it manually:

sudo systemctl start mysql

Enable MySQL to start at boot:

sudo systemctl enable mysql

Step 4: Secure MySQL Installation

MySQL provides an installation security script to harden your database setup.

Run the security script:

sudo mysql_secure_installation

You will be prompted to:

  • Set up a password for the MySQL root user (if not set during install)
  • Remove anonymous users
  • Disallow remote root login
  • Remove the test database
  • Reload privilege tables

Respond to each prompt based on your requirements. For most production deployments, it is best to answer yes to all prompts.

Example Output

VALIDATE PASSWORD COMPONENT can be used to test passwords...
Would you like to setup VALIDATE PASSWORD component? Y/N
New password: <enter strong password>
Re-enter new password: <repeat>
Remove anonymous users? Y
Disallow root login remotely? Y
Remove test database and access to it? Y
Reload privilege tables now? Y

Step 5: Verify MySQL Secure Installation

Login to MySQL as root:

sudo mysql -u root -p

Enter the password you set during the secure installation. The prompt should change to:

mysql>

To check the users, run:

SELECT User, Host FROM mysql.user;

To exit, type:

exit

Step 6: (Optional) Adjust Firewall

If your server uses UFW firewall, adjust the rules to allow MySQL only from specific sources, or block external access entirely.

Allow local connections:

sudo ufw allow from 127.0.0.1 to any port 3306

Or deny by default:

sudo ufw deny 3306

Step 7: Change Authentication Method (if necessary)

Ubuntu’s MySQL package may default to the auth_socket plugin for root, which allows login only via the system root user. To allow password authentication, change it as follows:

sudo mysql

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpassword';
FLUSH PRIVILEGES;
exit

Additional Security Tips

  • Keep MySQL updated: Regularly update your packages to receive the latest security patches.
  • Use strong passwords: Especially for root and database application users.
  • Disable remote root access: As set during mysql_secure_installation.
  • Regular Backups: Schedule automatic backups of your databases.
  • Monitor logs: Regularly check MySQL logs for unusual activity.

Conclusion

You’ve successfully installed and secured MySQL on Ubuntu! Your server is now ready for development or production use. Always follow security best practices and keep your software up to date. For more advanced configuration, consult the official MySQL documentation.

Have questions about installing or securing MySQL? Let us know in the comments!

Back to All Articles