In this tutorial, we will show you how to install Snort on Ubuntu 22.04 LTS. For those of you who didn’t know, Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows operating systems to detect emerging threats. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate “alert” file, or even to a Windows computer via Samba.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘
sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Snort network intrusion detection system on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
non-root sudo useror access to the
root user. We recommend acting as a
non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Snort on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure that all your system packages are up-to-date by running the following
apt commands in the terminal.
sudo apt update sudo apt upgrade sudo apt install wget apt-transport-https gnupg2 software-properties-common
Step 2. Installing Snort on Ubuntu 22.04.
- Method 1. Install Snort using the Ubuntu default repository.
By default, Snort is available on Ubuntu 22.04 base repository. Now install Snort to your Ubuntu system using the following command:
sudo apt install snort
Verify the version of Snort on your system:
- Method 2. Install Snort from the source code.
Before starting, you will need to install some dependencies on your server. You can install all of them by running the following command:
sudo apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev
Run the following command to download the latest version of Snort from the official page:
Next, extract the downloaded file:
tar -xvzf 22.214.171.124.tar.gz
Navigate the snort directory containing the installation file and compile it:
cd snort3-126.96.36.199 ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
Next, change the directory to the build directory and install the Snort with the following command:
cd build make make install ldconfig
Verify the Snort version using the following command:
,,_ -*> Snort++ <*- o" )~ Version 188.8.131.52 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.10 Using LuaJIT version 2.1.0-beta4 Using OpenSSL 3.0.3 15 Mar 2022 Using libpcap version 1.10.1 (with TPACKET_V3) Using PCRE version 8.39 2016-06-14 Using ZLIB version 1.2.11 Using LZMA version 5.2.5
Congratulations! You have successfully installed Snort. Thanks for using this tutorial for installing the Snort network intrusion detection on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Snort website.