UbuntuUbuntu Based

How To Install Snort on Ubuntu 22.04 LTS

Install Snort on Ubuntu 22.04 LTS

In this tutorial, we will show you how to install Snort on Ubuntu 22.04 LTS. For those of you who didn’t know, Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows operating systems to detect emerging threats. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate “alert” file, or even to a Windows computer via Samba.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Snort network intrusion detection system on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

Prerequisites

  • A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Snort on Ubuntu 22.04 LTS Jammy Jellyfish

Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.

sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common

Step 2. Installing Snort on Ubuntu 22.04.

  • Method 1. Install Snort using the Ubuntu default repository.

By default, Snort is available on Ubuntu 22.04 base repository. Now install Snort to your Ubuntu system using the following command:

 sudo apt install snort

Verify the version of Snort on your system:

snort --version
  • Method 2. Install Snort from the source code.

Before starting, you will need to install some dependencies on your server. You can install all of them by running the following command:

sudo apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev

Run the following command to download the latest version of Snort from the official page:

wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz

Next, extract the downloaded file:

tar -xvzf 3.1.43.0.tar.gz

Navigate the snort directory containing the installation file and compile it:

cd snort3-3.1.43.0
./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc

Next, change the directory to the build directory and install the Snort with the following command:

cd build
make
make install
ldconfig

Verify the Snort version using the following command:

snort -V

Output:

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.43.0
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.10
           Using LuaJIT version 2.1.0-beta4
           Using OpenSSL 3.0.3 15 Mar 2022
           Using libpcap version 1.10.1 (with TPACKET_V3)
           Using PCRE version 8.39 2016-06-14
           Using ZLIB version 1.2.11
           Using LZMA version 5.2.5

Congratulations! You have successfully installed Snort. Thanks for using this tutorial for installing the Snort network intrusion detection on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Snort website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button