If you’re new to Ubuntu, using a terminal to install packages or tools like Snort can be intimidating, especially if you are used to installing software through setup files.
But fear not!
In this guide, I’ll walk you through various methods to install Snort on Ubuntu, ensuring you find a process that’s comfortable for you.
What Is Snort?
Snort, developed by Sourcefire, is a distinguished open-source tool for intrusion detection (IDS).
It constantly scans network interactions, identifying anomalies that could be signs of potential security breaches.
Its main function is to spot and counteract any unauthorized entries, misuse, or harmful actions on a digital network.
What You’ll Need?
- A fully set up and functioning PC with Ubuntu
- Basic understanding of Ubuntu’s terminal operations
- Necessary permissions (sudo) to install software on Ubuntu
- A stable internet connection
If you have the above prerequisites, proceed further with the steps to install Snort.
How to Install Snort on Ubuntu: 3 Ways
Method 1: Installing Snort Using the apt Manager
The apt manager is designed to simplify software management by automatically resolving dependencies and ensuring software versions are current.
This method is best for those who want a straightforward installation process without getting into complex steps and manual configurations.
Step 1: Update the apt Packages and Install Snort Using the apt
It is important to update the packages regularly to keep the system secure and stable. Package updates usually address vulnerabilities and optimize performance.
- To begin, launch the terminal on Ubuntu with the CTRL+ALT+T key combination. Once the terminal has loaded, enter the following command:
sudo apt update
- After the packages are updated, install Snort using the command below. The installation runs without asking for confirmation:
sudo apt install snort -y
If you’re curious about the -y flag in the command, it is used to auto-confirm ‘yes’ for any prompts, eliminating manual interventions.
For example, it addresses common prompts like “Do you want to continue? [Y/n] ” by automatically selecting ‘Y,’ resulting in a faster process, as there is no manual intervention.
Method 2: Installing Snort Using apt-get Manager
Before apt became Ubuntu’s default package management tool, “apt-get” was the trusted tool for software and package management.
While it shares similarities with apt, it offers in-depth control over package installations and is often used for scripting and automation tasks.
I suggest this method for those seeking a balance between automation and manual control.
Step 1: Update the apt Packages and Install Snort Using apt-get
- While I have updated the packages in Method 1, if you’re planning on following this method, update the packages using the following command:
sudo apt update
- After ensuring your system is up-to-date, move on to the Snort installation through apt-get using the following command:
sudo apt-get install snort -y
- During the installation, the Snort configuration dialog opens and instructs you to use CIDR as the syntax for defining network addresses. Navigate to <Ok> using the navigation keys and hit Enter to proceed.
- Verify the address range provided by the installer for the network structure that is automatically detected, and once you’re sure, hit Enter to resume installation.
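To make that verification concrete, here is an added example (not part of the original guide): POSIX shell helpers that compute the CIDR network a host address belongs to, so you can compare it with the range the installer detected. The function names and sample addresses are illustrative assumptions.

```shell
# Added example; function names are hypothetical, addresses are constructed samples.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        # Reject empty, over-long and zero-padded octets ("010" is octal to some parsers).
        case "$o" in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Print the network for a host address and prefix length.
# Example: cidr_network 192.168.1.37 24 prints 192.168.1.0/24
cidr_network() (
    ip=$(ip_to_int "$1") || return 1
    case "$2" in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$2" -le 32 ] || return 1
    # Netmask with the top $2 bits set, truncated to 32 bits.
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    net=$(( ip & mask ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$2"
)

# Succeed if host address $1 lies inside CIDR range $2 (the value the installer shows).
ip_in_cidr() (
    prefix=${2#*/}
    [ "$prefix" != "$2" ] || return 1          # no "/prefix" part given
    want=$(cidr_network "${2%/*}" "$prefix") || return 1
    have=$(cidr_network "$1" "$prefix") || return 1
    [ "$want" = "$have" ]
)

# Usage (constructed values): take the host address and prefix from `ip -4 addr`,
# then compare with the installer's suggestion:
#   cidr_network 192.168.1.37 24
#   ip_in_cidr 192.168.1.37 192.168.0.0/16 && echo "host is inside the range"
```

If the range shown by the installer is wider or narrower than the network your host actually sits on, correct it before continuing, since Snort uses this value to decide which traffic counts as local.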
Method 3: Installing Snort From Source Code
While the above two methods are focused on finishing the installation without manual intervention, this method offers the most control over the installation process, allowing for specific version installations, patches, or custom builds.
I suggest this method for those who want maximum control over the installation parameters and are comfortable navigating the build process.
Step 1: Install the Required Dependencies
Dependencies are the building blocks that support package functionality. Whatever the package, installation goes smoothly once all of its dependencies are in place.
In the case of Snort, follow the below instructions to get its crucial dependencies.
- Launch your terminal and set up the necessary environment for Snort’s compilation using the following command:
sudo apt install build-essential cmake pkg-config libpcap-dev libpcre3-dev libdumbnet-dev libhwloc-dev libluajit-5.1-dev libssl-dev bison flex zlib1g-dev -y
Step 2: Download the Desired Version of Snort
When installing Snort through source code, the ability to choose a specific stable version, including pre-release for testing purposes, makes it extremely flexible.
Here’s how to do it:
- Check out Snort’s website for the version you’re looking for and download it from the terminal using the below command:
wget https://www.snort.org/downloads/snort/snort3-3.1.71.0.tar.gz
Note: At the time of writing this, the latest version of Snort is snort3-3.1.71.0. If you want a different version, substitute it at the end of the command.
If you’re curious about the wget command, it is a utility to download files from the web, fetching the specified URL and saving it locally.
Step 3: Extract the Snort tar file
Because this method works with a tar archive rather than a setup file, you must extract the archive to get at the Snort source files:
- Once you have downloaded the Snort tar file, move to the directory where it is saved using the cd command. If you’re already in that directory, enter the following command:
tar xvzf snort3-3.1.71.0.tar.gz
If you’re curious about xvzf flags, here’s the breakdown:
- x: Stands for “extract,” which indicates that files should be extracted from the archive.
- v: Stands for “verbose,” displays the progress in the terminal.
- z: Indicates that the archive is gzipped and needs to be decompressed.
- f: Stands for “file,” and it implies that a filename should follow.
Step 4: Navigate to the Snort directory
- After you’re done with extracting the snort tar file, navigate correctly to where the Snort installation file is located to ensure that the build command targets the right files using the following command:
cd snort3-3.1.71.0
As with the extract command, replace the Snort version in this command with the version you downloaded so that it runs without errors.
Step 5: Compile and install Snort
The last step involves compilation, which transforms the source code into a functional software component tailored to your system’s specifications.
Here’s how to compile and install the Snort installation file.
- On the terminal, initiate the build and start the compilation and installation process using the below command:
./configure_cmake.sh && cd build && make && sudo make install
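Since Steps 2 to 5 compile and install code fetched from the network with sudo, here is an added example (not part of the original guide) that checks the tarball's SHA-256 and its member paths before extracting. The function names are hypothetical, and the expected digest is a placeholder you must take from the publisher; the guide does not list one.

```shell
# Added example; function names are hypothetical.

# Succeed only if the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "${#expected}" -eq 64 ] && [ "$actual" = "$expected" ]
}

# Succeed only if no archive member is an absolute path or climbs out with "..".
tar_paths_safe() {
    tar -tzf "$1" >/dev/null 2>&1 || return 2   # unreadable or not a gzipped tar
    ! tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Verify, inspect, then extract into a directory of your choosing.
# usage: safe_extract <tarball> <expected-sha256> <dest-dir>
safe_extract() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    tar_paths_safe "$1"     || { echo "unsafe member path in $1" >&2; return 1; }
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Usage with the file name from this guide (digest is a placeholder):
#   safe_extract snort3-3.1.71.0.tar.gz <SHA256-FROM-PUBLISHER> ./snort-src
```

Run the build only from a directory that `safe_extract` populated; a mismatch means the download is corrupt or not the file the publisher released.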
How to Uninstall Snort on Ubuntu
To remove or uninstall Snort from Ubuntu, enter the following command:
sudo apt-get remove --purge snort -y
Conclusion
In this guide, we have explained several methods to install Snort on Ubuntu, but we have yet to explain how to configure and make it work.
For now, consider this as the first step. In a future post, I will go over how you can go about configuring Snort.