How to compile and install Snort from source on Ubuntu

Snort, a network intrusion prevention system, is a widely used network-based IDS. It is open source and available for multiple platforms. It is most commonly used for network monitoring, network configuration, and network prevention. Although Snort is well supported on different platforms, on Ubuntu you cannot install it from the official Ubuntu repository; you have to build it from source.

This article describes the complete process of compiling and installing snort on Ubuntu.

Compile and install Snort from source on Ubuntu

To compile and install Snort from source code on Ubuntu, follow the steps outlined below:

Step 1: Update/Upgrade Repository

The first step is to upgrade and update the repository:

sudo apt update
sudo apt upgrade

Step 2: Install dependencies

Then install the dependencies required for snort by using the command mentioned below:

sudo apt install libdnet-dev build-essential cpputest libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdumbnet-dev bison flex libmnl-dev uuid-dev liblzma-dev openssl autotools-dev libssl-dev pkg-config libhwloc-dev cmake libsqlite3-dev libunwind-dev libcmocka-dev libnetfilter-queue-dev libluajit-5.1-dev libfl-dev -y

Step 3: Create a Snort directory

Next, create a directory for Snort. Since we will download many files and want to keep them organized, it is recommended to create a separate directory for them:

mkdir ~/snort_src
cd ~/snort_src

Step 4: Download and Install Snort DAQ

After changing to the snort directory, we need to compile the source code for the Data Acquisition library (DAQ), which is not present in the official repository:

git clone https://github.com/snort3/libdaq.git

Then change to the libdaq directory that the clone created:

cd libdaq

Then run the command below to generate the configuration files:

./bootstrap

And start configuring the files with the following command:

./configure

Then run the command mentioned below to build the executable files:

make

Then use the command mentioned below to perform the installation:

sudo make install

Step 5: Download Performance Enhancement Packages

For better performance, we install Google's thread-caching malloc, TCMalloc, a memory allocator and performance booster.

To do this, go back to the snort directory with the following command:

cd ../

Then download the performance booster pack with the following command:

wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.9.1/gperftools-2.9.1.tar.gz

Once downloaded, extract the .tar file:

tar xzf gperftools-2.9.1.tar.gz

Change to the gperftools directory using the command below:

cd gperftools-2.9.1/

Configure the build with the following command:

./configure

Then run the make command to create the files:

make

Finally, install the packages using the make command mentioned below:

sudo make install

Step 6: Download and install Snort from source file

Now that all the preparations for building Snort are complete, it's time to download and install Snort in the directory created in Step 3.

To do this, go back to the snort directory with the command written below:

cd ..

Then download the Snort source file on Ubuntu with the following command:

wget https://github.com/snort3/snort3/archive/refs/heads/master.zip

After downloading the snort zip file, run the command written below to unzip the file:

unzip master.zip

Navigate to snort source directory with the following command:

cd snort3-master

Run the configuration script below, which enables TCMalloc for dynamic memory management, to generate the build files:

./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc

Change to the build directory with the following command:

cd build

Then create files with the following command:

make

After building, run the command written below to install Snort and all the generated components on the Ubuntu system:

sudo make install

Step 7: Update shared libraries

After installing Snort, update the shared libraries by running the command mentioned below:

sudo ldconfig

Step 8: Verifying the Snort Installation

Once everything has completed successfully, run the version command written below to verify the installation of Snort on the Ubuntu system:

snort -V

Another way to test that Snort was installed and built correctly from source code is to run the command written below:

snort -c /usr/local/etc/snort/snort.lua

If your output looks like the one shown below, Snort was installed successfully and built correctly:

Conclusion

Snort is a great tool for network prevention, but it doesn't exist in the official repository, so the user has to compile and build Snort from source. The full process of downloading and building Snort from source is described in this article. We also installed a performance booster package to get better performance from Snort on an Ubuntu system.
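
Step 7 exists because a freshly installed snort binary may not yet find the libraries built in Steps 4 and 5. The script below is an added example, not part of the original article: it parses ldd output and reports unresolved libraries. The function names and both sample listings are constructed, and it assumes the build links libdaq and TCMalloc dynamically.

```bash
# Added example (not from the original article): linkage check for Steps 7-8.
# Function names and both sample listings are constructed for illustration.

# Names of libraries ldd could not resolve ("libdaq.so.3 => not found").
unresolved_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Resolved path of the first library whose name starts with $1; status 1 if
# the library is absent from the listing or unresolved.
lib_path() {
    awk -v want="$1" '
        index($1, want) == 1 && $2 == "=>" && $3 ~ /^\// { print $3; ok = 1; exit }
        END { exit !ok }'
}

# Read one ldd listing on stdin; fail if anything is unresolved or if the
# libraries built in Steps 4 and 5 are not linked in (assumed dynamic).
check_linkage() {
    local listing missing lib path rc=0
    listing=$(cat)
    missing=$(printf '%s\n' "$listing" | unresolved_libs)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/UNRESOLVED (run sudo ldconfig): /'
        rc=1
    fi
    for lib in libdaq libtcmalloc; do
        if path=$(printf '%s\n' "$listing" | lib_path "$lib"); then
            printf 'OK: %s -> %s\n' "$lib" "$path"
        else
            printf 'NOT LINKED OR NOT RESOLVED: %s\n' "$lib"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed ldd output: before and after `sudo ldconfig`.
SAMPLE_BEFORE='    libdaq.so.3 => not found
    libtcmalloc.so.4 => /usr/local/lib/libtcmalloc.so.4 (0x00007f0000200000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'
SAMPLE_AFTER='    libdaq.so.3 => /usr/local/lib/libdaq.so.3 (0x00007f0000100000)
    libtcmalloc.so.4 => /usr/local/lib/libtcmalloc.so.4 (0x00007f0000200000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'

# On a host where snort is installed, check the real binary.
if command -v snort >/dev/null 2>&1; then
    ldd "$(command -v snort)" | check_linkage
fi
```

A non-zero status from check_linkage on the real binary means the shared library cache has not picked up the new libraries or the build did not link them.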
