Installing Snort in Ubuntu

Snort – Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) by traffic analysis.

The Snort installation command in Ubuntu/Debian:

sudo apt-get install snort

After installation, we will test the launch of Snort:

ps aux | grep snort | grep -v grep
service snort status

The configuration files are located in the /etc/snort/directory, and the detection rules in /etc/snort/rules/.

To reconfigure snort in Ubuntu, you can use the command:

sudo dpkg-reconfigure snort

Or manually opening the configuration in a text editor:

sudo nano /etc/snort/snort.conf

The configuration validation command:

sudo snort -T -c /etc/snort/snort.conf

If the test is successful, you will see:

Snort successfully validated the configuration!
Snort exiting

Example of restarting snort:

sudo service snort restart

An example of viewing logs:

u2spewfoo /var/log/snort/snort.log

See also https://www.snort.org/faq/readme-unified2

Leave a comment

Leave a Reply