Snort is a useful open source to protect against network intrusion on the system also known as NIDS. Over a specific network interface, Snort can monitor packet data sent and received.
Using signature-based detection and protocol analysis technologies NIDS can detect threats that target weaknesses and vulnerabilities in your system. Once you have installed and configured it correctly, NIDS software can identify different types of attacks and suspicions.
Here at LinuxAPT, we shall look into how to install Snort on Ubuntu 20.04.
1. Perform System Update
To begin, Run the apt command to update:
$ sudo apt update
2. Install required system libraries
To do this, Run the following command:
$ sudo apt-get install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev
After completing the installation. create a directory containing the compilation and source files for Snort:
$ mkdir snort-source-files
$ cd snort-source-files
Then install LibDAQ:
$ git clone https://github.com/snort3/libdaq.git
Next, Run the following commands:
$ cd libdaq
$ ./bootstrap
$ ./configure
$ make
$ sudo make install
Then install Tcmalloc:
$ cd ../
$ wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.9.1/gperftools-2.9.1.tar.gz
$ tar xzf gperftools-2.9.1.tar.gz
$ cd gperftools-2.9.1/
$ ./configure
$ make
$ sudo make install
3. Install Snort 3
To install Snort, run the below commands:
$ cd ../
$ git clone git://github.com/snortadmin/snort3.git
Next, Navigate to the snort3 directory:
$ cd snort3/
Then, Configure and enable tcmalloc:
$ ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
Navigate to the build directory to compile and install Snort 3:
$ cd build
$ make
$ sudo make install
Update shared libraries:
$ sudo ldconfig
Create a symlink for /usr/sbin/snort, run the command:
$ sudo ln -s /usr/local/bin/snort /usr/sbin/snort
Finally, Check if the installation was successful:
$ snort -V
To uninstall only the snort package we can use the following command:
$ sudo apt-get remove snort
You can use the following command to remove snort configurations, data and all of its dependencies, we can use the following command:
$ sudo apt-get -y autoremove --purge snort
This article covers how to install Snort on Ubuntu 20.04. In fact, Snort monitors the package data sent and received through a specific network interface. NIDS can catch threats targeting your system vulnerabilities using signature-based detection and protocol analysis technologies. NIDS software, when installed and configured appropriately, can identify the latest attacks, malware infections, compromised systems, and network policy violations.