How to Install Snort on Ubuntu 22.04

Install Snort on Ubuntu 22.04

In this article, we will have explained the necessary steps to install Snort on Ubuntu 22.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Snort is an open-source lightweight network Intrusion Prevention System for running a network intrusion detection system (NIDS). Snort is used to monitor the package data sent/received through a specific network interface. Correctly installed and configured Snort can be very useful in detecting different kinds of attacks and threats like SMB probes, malware infections, compromised systems, etc.

Prerequisite:

  • Operating System with Ubuntu 22.04
  • Server IPv4 Address with Superuser Privileges (Root Access)
  • Gnome Terminal for Linux Desktop
  • PuTTy SSH client for Windows or macOS
  • Powershell for Windows 10/11
  • Familiar with APT Commands

Install Snort on Ubuntu 22.04 LTS

Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.

sudo apt update
sudo apt upgrade
sudo apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev

Step 2. Install Snort on Ubuntu.

Snort installation is quite easy and straightforward since the Snort package is accessible in the repositories of the majority of Linux distributions. Now You can follow the steps given below for downloading and setting up the Snort:

wget [https://github.com/snort3/snort3/archive/refs/heads/master.zip](https://github.com/snort3/snort3/archive/refs/heads/master.zip)
unzip master.zip
cd snort3-master
./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc

You will see similar output given below:

------------------------------------------------------
snort version 3.1.39.0

Install options:
prefix: /usr/local
includes: /usr/local/include/snort
plugins: /usr/local/lib/snort
Compiler options:
CC: /usr/bin/cc
CXX: /usr/bin/c++
CFLAGS: -fvisibility=hidden -DNDEBUG -g -ggdb -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free -O2 -g -DNDEBUG
CXXFLAGS: -fvisibility=hidden -DNDEBUG -g -ggdb -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-free -O2 -g -DNDEBUG
EXE_LDFLAGS:
MODULE_LDFLAGS:
 
Feature options:
DAQ Modules: Static (afpacket;bpf;dump;fst;gwlb;nfq;pcap;savefile;trace)
libatomic: System-provided
Hyperscan: OFF
ICONV: ON
Libunwind: ON
LZMA: ON
RPC DB: Built-in
SafeC: OFF
TCMalloc: ON
JEMalloc: OFF
UUID: ON
-------------------------------------------------------
-- Configuring done
-- Generating done
-- Build files have been written to: /home/alp/snort_src/snort3-master/build

Next, navigate to the build directory and install Snort 3:

cd build
make
sudo make install
sudo ldconfig

Verify Snort 3 installation:

snort -V

To test your Snort installation with the default configuration file, run the next command:

snort -c /usr/local/etc/snort/snort.lua

That’s all you need to do to install Snort on Ubuntu 22.04 LTS Jammy Jellyfish. I hope you find this quick tip helpful. For further reading on the installation of the Snort network intrusion detection system (NIDS), please refer to their official knowledge base. I hope this article was helpful to you. If you find it useful, don’t forget to share it with your friend and family. Also, if you have any questions, please feel free to ask in the comments section. We are always there to assist you.