How to Install and Secure MySQL on Ubuntu 26.04

pendek

Installing and securing MySQL on Ubuntu 26.04 is one of the first tasks for anyone setting up a database-driven application or development environment. MySQL remains one of the most widely used relational database management systems, and Ubuntu 26.04 Resolute Raccoon ships with a recent version available directly from the default repositories. In this tutorial, you will learn how to mysql install secure ubuntu 26.04, create users and databases, and configure remote access safely.

Whether you are deploying a production server or building a local development stack, a properly secured MySQL installation protects your data from unauthorized access. This guide walks you through each step, from initial package installation through hardening with mysql_secure_installation, user management, and firewall configuration.

In this tutorial you will learn:

  • How to install MySQL server from the Ubuntu 26.04 repositories
  • How to harden your installation using mysql_secure_installation
  • How to create MySQL users and databases with appropriate privileges
  • How to configure MySQL for remote access with firewall rules
Installing and securing MySQL on Ubuntu 26.04

Software Requirements

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Ubuntu 26.04 Resolute Raccoon
Software MySQL Server (available from default repositories)
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user
TL;DR
Install MySQL and run the security hardening script in a few quick steps.

Quick Steps to Install and Secure MySQL on Ubuntu 26.04
Step Command/Action
1. Install MySQL server $ sudo apt install mysql-server
2. Verify the service is running $ sudo systemctl status mysql
3. Run security hardening $ sudo mysql_secure_installation
4. Log in to MySQL $ sudo mysql

Installing MySQL Server on Ubuntu 26.04

The MySQL server package is available directly from the Ubuntu 26.04 default repositories, so installation requires only a few commands. Before installing, update your package index to ensure you pull the latest available version.

  1. Update the package index: Refresh the repository metadata so that APT pulls the most current package information. 
    $ sudo apt update
  2. Install the MySQL server package: This command installs the MySQL server along with all necessary dependencies. 
    $ sudo apt install mysql-server

    Confirm the installation when prompted. APT will download and configure the MySQL server, and the service will start automatically after installation completes.

  3. Verify that MySQL is running: Use systemctl to confirm the MySQL service has started successfully. 
    $ sudo systemctl status mysql

    You should see active (running) in the output, indicating that the MySQL daemon is operational.

  4. Check the installed version: Optionally, confirm which version of MySQL was installed. 
    $ mysql --version

At this point MySQL is installed and running, but it is not yet hardened. Consequently, the next step is critical for any system that will be accessible beyond a purely local development environment.

Terminal output showing MySQL version 8.4.8 and systemctl status confirming mysql.service is active and running on Ubuntu 26.04Terminal output showing MySQL version 8.4.8 and systemctl status confirming mysql.service is active and running on Ubuntu 26.04
Verifying the MySQL installation version and service status on Ubuntu 26.04

Securing MySQL with mysql_secure_installation

The mysql_secure_installation script is the standard tool for hardening a fresh MySQL deployment. It guides you through several security-related prompts that remove default insecure settings. Therefore, running this script is strongly recommended immediately after installation.

  1. Launch the security script: Run the following command to begin the interactive hardening process. 
    $ sudo mysql_secure_installation
  2. VALIDATE PASSWORD component: The script first asks whether you want to enable the password validation plugin. This plugin enforces password strength requirements for all MySQL accounts. If you choose to enable it, you will be prompted to select a validation level:
    • LOW (0): Passwords must be at least 8 characters
    • MEDIUM (1): Adds requirements for mixed case, numbers, and special characters
    • STRONG (2): Additionally requires passwords to not match dictionary words

    For production environments, selecting MEDIUM or STRONG is advisable.

  3. Root password step (skipped automatically): On Ubuntu 26.04, the MySQL root account uses auth_socket authentication by default. Because of this, the script skips the root password prompt and displays a message stating that password setting is not needed. You can continue to log in as root simply by running sudo mysql. If you later want to switch to password-based authentication for the root account, you can do so with the ALTER USER command as described in the MySQL documentation.
  4. Remove anonymous users: Answer Yes to remove anonymous accounts that allow anyone to connect to MySQL without a dedicated user account.
  5. Disallow root login remotely: Answer Yes to ensure the root account can only connect from localhost. This is an important security measure for any server with network exposure.
  6. Remove the test database: Answer Yes to drop the default test database and revoke access to it. This database is intended for testing only and should not exist on production systems.
  7. Reload privilege tables: Answer Yes to apply all changes immediately.[IMAGE PLACEHOLDER: Screenshot showing the mysql_secure_installation script prompts and responses]

COMPLETED

Your MySQL installation is now hardened. The anonymous users, test database, and remote root login have all been removed.

Managing MySQL Users and Databases

With MySQL installed and secured, you can now create databases and dedicated user accounts. It is best practice to create a separate user for each application rather than using the root account. This approach limits the impact of a potential compromise and provides better audit control. Additionally, if you are considering an alternative to MySQL, you might want to install MariaDB instead, as it is a drop-in replacement.

  1. Connect to MySQL as root: Use the sudo mysql command to open the MySQL shell with root privileges. 
    $ sudo mysql
  2. Create a new database: Create a database for your application or project. 
    mysql> CREATE DATABASE linuxconfig_db;
  3. Create a dedicated user: Create a new MySQL user with a strong password. Replace the password below with your own. 
    mysql> CREATE USER 'linuxconfig_admin'@'localhost' IDENTIFIED BY 'Your_Strong_P@ssw0rd';

    The 'localhost' portion restricts this user to connections from the local machine only.

  4. Grant privileges to the user: Give the new user full control over the specific database. 
    mysql> GRANT ALL PRIVILEGES ON linuxconfig_db.* TO 'linuxconfig_admin'@'localhost';

    This grants all privileges on the linuxconfig_db database only, not on the entire MySQL server.

  5. Apply the privilege changes: Flush the privilege tables to ensure MySQL recognizes the new grants. 
    mysql> FLUSH PRIVILEGES;
  6. Exit the MySQL shell: 
    mysql> EXIT;
  7. Test the new user login: Verify that the new user can connect and access the database. 
    $ mysql -u linuxconfig_admin -p

    Enter the password when prompted. Once connected, verify access:

    mysql> SHOW DATABASES;

    You should see linuxconfig_db listed among the available databases.

    Terminal showing MySQL commands to create the linuxconfig_db database, create the linuxconfig_admin user, grant privileges, and log in as the new user on Ubuntu 26.04Terminal showing MySQL commands to create the linuxconfig_db database, create the linuxconfig_admin user, grant privileges, and log in as the new user on Ubuntu 26.04
    Creating a dedicated MySQL database and user with appropriate privileges on Ubuntu 26.04

Configuring Remote Access to MySQL

By default, MySQL on Ubuntu 26.04 listens only on 127.0.0.1, which means it accepts connections solely from the local machine. If you need to connect from another host on your network, you must modify the bind address and configure your firewall accordingly.

SECURITY ALERT

Exposing MySQL to the network increases your attack surface. Only enable remote access when necessary, and always restrict connections to specific IP addresses or networks using both MySQL user definitions and firewall rules.

  1. Edit the MySQL configuration file: Open the MySQL daemon configuration file in your preferred text editor. 
    $ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

    Locate the bind-address directive and change it from 127.0.0.1 to 0.0.0.0 to listen on all interfaces, or specify a particular IP address for more restrictive binding.

    bind-address = 0.0.0.0

    Additionally, the configuration file contains a mysqlx-bind-address directive that controls the MySQL X Protocol (port 33060). This protocol is used by MySQL Shell and connectors that rely on the X DevAPI. If your remote clients use the X Protocol, update this directive as well:

    mysqlx-bind-address = 0.0.0.0

    Nano editor showing MySQL configuration file mysqld.cnf with bind-address and mysqlx-bind-address changed to 0.0.0.0 for remote access on Ubuntu 26.04Nano editor showing MySQL configuration file mysqld.cnf with bind-address and mysqlx-bind-address changed to 0.0.0.0 for remote access on Ubuntu 26.04
    Editing the MySQL bind-address and mysqlx-bind-address directives to allow remote connections

  2. Restart the MySQL service: Apply the configuration change by restarting the daemon. 
    $ sudo systemctl restart mysql
  3. Create a remote user or update an existing user: To allow a specific user to connect from a remote host, create a user account that specifies the remote IP address. 
    $ sudo mysql
    mysql> CREATE USER 'linuxconfig_admin'@'192.168.178.72' IDENTIFIED BY 'Your_Strong_P@ssw0rd';
mysql> GRANT ALL PRIVILEGES ON linuxconfig_db.* TO 'linuxconfig_admin'@'192.168.178.72';
mysql> FLUSH PRIVILEGES;

    Replace 192.168.178.72 with the actual IP address of the client that needs access. For broader access within a subnet, you can use a wildcard such as '192.168.178.%', though this is less secure.

  4. Open the MySQL port in the firewall: If you are running UFW, you need to ufw allow port 3306 for incoming MySQL connections. 
    $ sudo ufw allow from 192.168.178.72 to any port 3306

    This rule permits connections to port 3306 only from the specified IP address, which is more secure than opening the port to all sources.

  5. Verify the configuration: From the remote client machine, test the connection. 
    $ mysql -u linuxconfig_admin -p -h 192.168.178.79

    Replace 192.168.178.79 with the IP address of your MySQL server.

    TLS CONNECTION ERROR

    MySQL 8+ enables TLS by default using auto-generated self-signed certificates. When connecting from a remote client, you may encounter:

    ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain

    To connect without TLS verification, the flag depends on which client you are using. If you are connecting with the MariaDB client (the default mysql client on many Ubuntu systems), use --skip-ssl:

    $ mysql -u linuxconfig_admin -p -h 192.168.178.79 --skip-ssl

    If you are connecting with the MySQL client, use --ssl-mode=DISABLED instead:

    $ mysql -u linuxconfig_admin -p -h 192.168.178.79 --ssl-mode=DISABLED

    You can check which client you have by running mysql --version. For production environments, the recommended approach is to copy the server’s CA certificate (/var/lib/mysql/ca.pem) to the client and connect with --ssl-ca=/path/to/ca.pem to maintain encrypted connections.

    Terminal showing successful remote MySQL connection from a MariaDB client using --skip-ssl flag and SHOW DATABASES output listing linuxconfig_dbTerminal showing successful remote MySQL connection from a MariaDB client using --skip-ssl flag and SHOW DATABASES output listing linuxconfig_db
    Connecting remotely to the MySQL server using the MariaDB client with –skip-ssl and verifying database access

For more detailed information on MySQL configuration options and security best practices, refer to the official MySQL 8.4 Reference Manual.

Conclusion

In this tutorial, you installed MySQL on Ubuntu 26.04, hardened the installation using mysql_secure_installation, created a dedicated user and database, and configured remote access with appropriate firewall rules. These steps provide a solid foundation for running MySQL in both development and production environments. Moving forward, consider implementing regular backups, enabling SSL/TLS for encrypted connections, and monitoring your database logs for any suspicious activity.

Frequently Asked Questions

  1. How do I check which version of MySQL is installed on Ubuntu 26.04? Run mysql --version or mysqld --version in the terminal. This will display the exact version number and build information for your MySQL installation.
  2. What is the difference between MySQL and MariaDB on Ubuntu 26.04? MariaDB is a community-developed fork of MySQL that maintains compatibility with MySQL protocols and APIs. Both are available in the Ubuntu 26.04 repositories. MariaDB tends to include additional storage engines and features, while MySQL follows Oracle’s development roadmap. For most applications, they are interchangeable.
  3. How do I reset a forgotten MySQL root password on Ubuntu 26.04? Stop the MySQL service with sudo systemctl stop mysql, then start it in safe mode using sudo mysqld_safe --skip-grant-tables &. Connect with mysql -u root, run ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword';, then restart MySQL normally. On Ubuntu, if auth_socket is in use, you can simply run sudo mysql without a password.
  4. Can I run MySQL and MariaDB on the same Ubuntu 26.04 system simultaneously? No, MySQL and MariaDB conflict with each other because they share the same default port (3306) and many of the same file paths. You must choose one or the other, unless you manually configure separate ports and data directories, which is not recommended for typical use.

PakarPBN

A Private Blog Network (PBN) is a collection of websites that are controlled by a single individual or organization and used primarily to build backlinks to a “money site” in order to influence its ranking in search engines such as Google. The core idea behind a PBN is based on the importance of backlinks in Google’s ranking algorithm. Since Google views backlinks as signals of authority and trust, some website owners attempt to artificially create these signals through a controlled network of sites.

In a typical PBN setup, the owner acquires expired or aged domains that already have existing authority, backlinks, and history. These domains are rebuilt with new content and hosted separately, often using different IP addresses, hosting providers, themes, and ownership details to make them appear unrelated. Within the content published on these sites, links are strategically placed that point to the main website the owner wants to rank higher. By doing this, the owner attempts to pass link equity (also known as “link juice”) from the PBN sites to the target website.

The purpose of a PBN is to give the impression that the target website is naturally earning links from multiple independent sources. If done effectively, this can temporarily improve keyword rankings, increase organic visibility, and drive more traffic from search results.

Jasa Backlink

Download Anime Batch

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *