
Setting Up Snort IDS, Part 1: Installation Guide

Welcome to all budding hackers!

In your journey into cybersecurity, you’ll likely encounter Snort, the go-to intrusion detection system (IDS). Similar to antivirus software, Snort scans your network for malicious activity and alerts you to potential threats.

Developed by Martin Roesch in 1999, Snort’s widespread adoption led Cisco to acquire it in 2014. Given Cisco’s dominance in networking, Snort’s integration into their devices means it’s ubiquitous. Understanding Snort, therefore, is invaluable, regardless of whether your environments directly use it.

Getting Started with Snort

Method 1: Repository Installation

Snort installation can be straightforward if it’s available in your system’s repository. For Kali users, you’ll need to add a repository containing Snort, as it’s no longer included by default.
This involves editing the /etc/sources.list file to add a Debian repository, given Kali’s Debian roots.

After updating your package list (apt-get update), install Snort with apt-get install snort.
To verify the installation, a simple snort -V should return the installed version.

Method 2: Compiling from Source

For those seeking optimized performance, compiling Snort from its source code ensures a tailored fit for your system, enhancing efficiency. This method also guarantees the latest version, a critical advantage in maintaining security.

First, create a directory for the source code:

mkdir snort_source
cd snort_source

Prior to downloading Snort, it’s crucial to install the Data Acquisition library (DAQ), along with its necessary prerequisites:

apt-get install -y bison flex

Download and install DAQ from the Snort website:

wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
tar -xvzf daq-2.0.6.tar.gz
cd daq-2.0.6
./configure
make
make install

Proceed to fetch the Snort source code:

wget https://snort.org/downloads/snort/snort-2.9.8.0.tar.gz
tar -xvzf snort-2.9.8.0.tar.gz
cd snort-2.9.8.0

Configure the downloaded source:

./configure --enable-sourcefire

Compile the source code to suit your system:

make
make install

To ensure the system recognizes the new libraries, update them:

ldconfig

For ease of access, create a symbolic link to run Snort from any directory:

ln -s /usr/local/bin/snort /usr/sbin/snort

To verify the installation, check Snort’s version (as in Method 1, the -V flag prints the version and exits):

snort -V
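The steps of Method 2 above, gathered into one build script. This is an added example, not a script from the original post or from the Snort project. It adds two things a practitioner would want around the page's commands: a SHA-256 check of each downloaded tarball before it is unpacked and built (the digest values in the script are placeholders; the real sums are published alongside the downloads on snort.org), and a final check that the version reported by snort -V is the one that was just built. The version check is the same one Method 1 ends with, so snort_version_from_output applies to a repository install as well. The script assumes it runs as root (make install and the symlink write outside your home directory) and that wget, sha256sum, sed and sort are available, which they are on Kali and Debian.

```shell
#!/bin/sh
# Added example: end-to-end build of DAQ and Snort from source, following the
# steps in the post. Not from the original post or the Snort project.
# Assumptions: runs as root; DAQ_SHA256 / SNORT_SHA256 are PLACEHOLDERS to be
# replaced with the digests published on snort.org for these tarballs.
set -eu

DAQ_VER="2.0.6"
SNORT_VER="2.9.8.0"
BASE_URL="https://www.snort.org/downloads/snort"
# Placeholder digests (assumption): fill in the published SHA-256 sums.
DAQ_SHA256="REPLACE_WITH_PUBLISHED_DAQ_SHA256"
SNORT_SHA256="REPLACE_WITH_PUBLISHED_SNORT_SHA256"

# verify_sha256 FILE EXPECTED -> returns 0 if FILE's SHA-256 equals EXPECTED.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# snort_version_from_output -> reads `snort -V` output on stdin and prints
# the dotted version number (e.g. 2.9.8.0); prints nothing if none is found.
snort_version_from_output() {
    sed -n 's/.*Version \([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# version_is_at_least ACTUAL MINIMUM -> returns 0 if ACTUAL >= MINIMUM,
# comparing each dotted component numerically (so 2.9.10.0 > 2.9.8.0).
version_is_at_least() {
    lowest=$(printf '%s\n%s\n' "$2" "$1" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$2" ]
}

# fetch_and_build NAME VERSION SHA256 [configure args...]
# Downloads NAME-VERSION.tar.gz, refuses to unpack it unless the digest
# matches, then runs the configure / make / make install sequence.
fetch_and_build() {
    name="$1"; ver="$2"; sum="$3"; shift 3
    tarball="${name}-${ver}.tar.gz"
    wget -q "${BASE_URL}/${tarball}"
    if ! verify_sha256 "$tarball" "$sum"; then
        echo "checksum mismatch for ${tarball}, not building" >&2
        return 1
    fi
    tar -xzf "$tarball"
    ( cd "${name}-${ver}" && ./configure "$@" && make && make install )
}

main() {
    apt-get install -y bison flex          # DAQ build prerequisites
    mkdir -p snort_source && cd snort_source
    fetch_and_build daq "$DAQ_VER" "$DAQ_SHA256"
    fetch_and_build snort "$SNORT_VER" "$SNORT_SHA256" --enable-sourcefire
    ldconfig                               # register the new shared libraries
    ln -sf /usr/local/bin/snort /usr/sbin/snort
    installed=$(snort -V 2>&1 | snort_version_from_output)
    if ! version_is_at_least "$installed" "$SNORT_VER"; then
        echo "snort -V reports '${installed}', expected ${SNORT_VER}" >&2
        return 1
    fi
    echo "snort ${installed} installed and on PATH"
}

# The build only runs when invoked as `sh build_snort.sh build`; sourcing the
# file just defines the functions above.
if [ "${1:-}" = "build" ]; then
    main
fi
```

The digest check is the part worth keeping even if you type the rest by hand: a tarball fetched over the network is only as trustworthy as the comparison against a published sum, and doing it before tar runs means a corrupted or substituted archive never reaches ./configure.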

With Snort now installed, we’ll move on to configuration and management in the next installment of this series. Stay tuned, and keep honing your hacking skills!
