Snort Installation Guide :
Step 1 :
sudo apt install -y gcc libpcre3-dev zlib1g-dev libluajit-5.1-dev \
libpcap-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev \
bison flex libdnet autoconf libtool
Step 2 :
mkdir ~/snort_src && cd ~/snort_src
Step 3 :
wget https://www.snort.org/downloads/snort/daq-2.0.7.tar.gz
Step 4 :
tar -xvzf daq-2.0.7.tar.gz;cd daq-2.0.7
Step 5 :
autoreconf -f -i
Step 6 :
./configure && make && sudo make install
Step 7 :
cd ../
Step 8 :
wget https://www.snort.org/downloads/snort/snort-2.9.16.tar.gz
Step 9 :
tar -xvzf snort-2.9.17.tar.gz;cd snort-2.9.17
Step 10 :
./configure –enable-sourcefire && make && sudo make install
Step 11 :
sudo ldconfig
Step 12 :
sudo ln -s /usr/local/bin/snort /usr/sbin/snort
Step 13 :
sudo groupadd snort
sudo useradd snort -r -s /sbin/nologin -c SNORT_IDS -g snort
Step 14 :
sudo mkdir -p /etc/snort/rules
sudo mkdir /var/log/snort
sudo mkdir /usr/local/lib/snort_dynamicrules
Step 15 :
sudo chmod -R 5775 /etc/snort
sudo chmod -R 5775 /var/log/snort
sudo chmod -R 5775 /usr/local/lib/snort_dynamicrules
sudo chown -R snort:snort /etc/snort
sudo chown -R snort:snort /var/log/snort
sudo chown -R snort:snort /usr/local/lib/snort_dynamicrules
Step 16 :
sudo touch /etc/snort/rules/white_list.rules
sudo touch /etc/snort/rules/black_list.rules
sudo touch /etc/snort/rules/local.rules
Step 17 :
sudo cp ~/snort_src/snort-2.9.17/etc/*.conf* /etc/snort
sudo cp ~/snort_src/snort-2.9.17/etc/*.map /etc/snort
Step 18 :
sudo sed -i “s/include \$RULE\_PATH/#include \$RULE\_PATH/” /etc/snort/snort.conf
sudo gedit /etc/snort/snort.conf
#Setup the network addresses you are protecting