Configure Snort in Ubuntu (Easy Way)

In our previous article we had discussed “Manually Snort Installation” in your system but there is another method also available by apt-repository which reduce your manually effort and automatically configure snort in your system.

Snort is software created by Martin Roesch, which is widely use as Intrusion Prevention System [IPS] and Intrusion Detection System [IDS] in network. It is separated into the five most important mechanisms for instance: Detection engine, Logging and alerting system, Packet decoder, Preprocessor and Output modules.

The program is quite famous to carry out real-time traffic analysis, also used to detect query or attacks, packet logging on Internet Protocol networks, to detect malicious activity, denial of service attacks and port scans by monitoring network traffic, buffer overflows, server message block probes, and stealth port scans.

Snort can be configured in three main modes:

  • Sniffer mode: it will observe network packets and present them on the console.
  • Packet logger mode: it will record packets to the disk.
  • Intrusion detection mode: the program will monitor network traffic and analyze it against a rule set defined by the user.

After that the application will execute a precise action depend upon what has been identified.

Let’s Begin!!

Snort Installation

We had chosen ubuntu 16.02 operating system for installation and configuration of snort. Earlier than installing snort in your machine, you should need to install necessary dependencies of ubuntu.

Check your network interface configuration by executing ifconfig command; from here I came to know 192.168.1.107 is my network IP.

Earlier than installing snort in your machine, you should need to install necessary dependencies of ubuntu. Therefore open the terminal and type given below command to install pre-requisites by a making update.

sudo apt-get update

It is an easiest way to install and configure the snort is your system because all its requirement whether it is snort rules directory or logging directory every packages is are stored by apt repository. Enter given below command to begin the snort installations. 

sudo apt-get install snort*

By defaut eth0 is listening interface is set in snort configuration since my network belongs to ens33,  therefore I choose it as listening interface as shown in given below image.

In next configuration step it will ask to enter CIDR value for address range for local network. From given image you can observe I had mention CIDR 192.168.1.1/24 for a range of 256 address.

You can also multiple values by using comma without space to separate those address

After then open the configuration file using gedit for making some changes inside.

sudo gedit /etc/snort/snort.conf

Scroll down the text file near line number 45 to specify your network for protection as shown in given image.

#Setup the network addresses you are protecting

 ipvar HOME_NET 192.168.1.1/24

Now run given below command to enable IDS mode of snort

sudo snort -A console -i ens33 -c /etc/snort/snort.conf

Now it will compile the complete file and test the configuration setting automatically as shown in given below image:

Great!! We had successfully configured snort as IDS for protecting our network.

[Note: If apt- repository get failed to install snort then go with manual configuration from here.]

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply