Snort installation in Kali Linux from the source

Koay Yong Cett
Apr 10, 2020


Snort Installation (Step By Step)

Optional: switch to a nearby mirror for better download speed when updating, upgrading and downloading packages.

1. Open the sources list file with your preferred text editor (mine is mousepad). First change to its directory with the command: cd /etc/apt/.

2. The repositories in the file (old ones).

3. Find the mirror nearest to your location by opening the following page in Kali Linux: http://http.kali.org/README.mirrorlist. Pick any mirror that is available in the list.

4. In the sources list file opened earlier, replace the highlighted part with the mirror chosen from the list and save it with the shortcut Ctrl+S. (If permission is denied, open the file again with sudo in front of the command: sudo mousepad sources.list)

Now let's begin with the Snort installation.

Before this, we will perform the update and upgrade in the terminal.

First, update the package index of your Kali Linux system with the following command: sudo apt-get update

Next, display all packages that are scheduled for an update with this command: apt list --upgradable (optional)

Now we can either upgrade selected packages with this command: apt-get install <package-name> (Note that in this example, I just picked a random package name that is not displayed above, because the list is too long to be included in the image above.)

or we can upgrade all with command: sudo apt-get upgrade

The real installation starts from here (DAQ).

DAQ is another prerequisite for the Snort installation. Please follow the installation from here on to install Snort successfully. Thank you.

1. For ease of file management, make a directory with the command: mkdir snort_source and change into it: cd snort_source.

2. Before we download Snort, we need to install the Data Acquisition library, or DAQ. It has a few prerequisites that need to be installed first, namely bison and flex, with the following command: apt-get install -y bison flex.

3. Go to the official Snort website: https://www.snort.org and look for the source download link for the packages.

4. Now we can download and install DAQ for Snort. Start with the following command: wget https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz and unpack the file with another command: tar -xvzf daq-2.0.6.tar.gz. Then, change into the unpacked directory with the command: cd daq-2.0.6

5. Then, configure, make and install DAQ with the command: ./configure && make && sudo make install

6. At this point we may encounter an error saying that libpcap is absent. In that case, find and download the tar file from the official Tcpdump website: https://www.tcpdump.org/

7. Then, move the downloaded file to the snort_source directory for ease of management with the command: mv libpcap-1.9.1.tar.gz ~/snort_source

8. Unpack the libpcap tar file with the command: tar -xvzf libpcap-1.9.1.tar.gz. Then, change into the unpacked directory and configure, make and install libpcap with the command: ./configure && make && sudo make install.

9. If the error persists (ERROR! libpcap library version >=1.0.0 not found), try installing libpcap-dev, which lets you build libpcap programs on Linux distributions but not on other operating systems such as Windows. Enter this command: sudo apt-get install libpcap-dev.

Second Part of the Installation (Snort)

This step is optional: you can install the required programs before installing Snort, or install them separately when an error occurs.

1. First, install all the prerequisite software to prepare your Linux system for installing Snort itself. Install the required libraries with the following command: sudo apt-get install -y gcc make libpcre3-dev zlib1g-dev libluajit-5.1-dev openssl libssl-dev libnghttp2-dev libdumbnet-dev

2. Some software has to be downloaded from its original source because it is not present in the Kali Linux system itself. First, download pcre from the website: http://www.pcre.org/. Then, select the latest version to download.

3. Then, move the pcre tar file to the snort_source directory for ease of management with this command: mv pcre2-10.34.tar.gz ~/snort_source and unpack it with the command: tar -xvzf pcre2-10.34.tar.gz. Then, change into the pcre directory with the command: cd pcre2-10.34

4. Then, configure, make and install pcre with the command: ./configure && make && sudo make install

5. Next, we need to find and download LuaJIT from the official website: http://luajit.org/download.html. Select and download the tar file of the stable version.

6. Then, move the LuaJIT tar file to the snort_source directory for ease of management with this command: mv LuaJIT-2.0.5.tar.gz ~/snort_source and unpack it with the command: tar -xvzf LuaJIT-2.0.5.tar.gz. Then, change into the LuaJIT directory with the command: cd LuaJIT-2.0.5

7. Then, make and install LuaJIT-2.0.5 with the command: make && sudo make install

8. Now, we can download Snort from its website, https://www.snort.org/, with the command: wget https://www.snort.org/downloads/snort/snort-2.9.15.1.tar.gz. Then, unpack it in the snort_source directory with the command: tar -xvzf snort-2.9.15.1.tar.gz and change into the Snort directory with the command: cd snort-2.9.15.1

9. Then, configure, make and install with the command: ./configure --enable-sourcefire && make && sudo make install

10. Check whether Snort is installed on the machine with the command: snort -V

Congratulations, the Snort installation is finished. Have fun, guys!
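The prerequisite errors described in the steps above (a missing libpcap, for example) only surface when ./configure stops, so it helps to check for them before building. The script below is an added example, not part of the original post: the function names and the header paths (the usual Debian/Kali locations under /usr/include) are assumptions, and it covers only a subset of the packages listed in step 1.

```shell
#!/bin/sh
# Preflight for the DAQ/Snort source build: list the apt packages from the
# tutorial that are still missing, before ./configure fails on them.

# header (relative to the include dir):apt package named in the tutorial.
# Header locations are assumptions based on the usual Debian/Kali layout.
HEADER_PACKAGES="
pcap.h:libpcap-dev
pcre.h:libpcre3-dev
zlib.h:zlib1g-dev
openssl/ssl.h:libssl-dev
dumbnet.h:libdumbnet-dev
"
# Build tools; each command name is also its apt package name.
BUILD_TOOLS="gcc make bison flex"

# missing_packages [include_dir]
# Prints one apt package per line for every missing tool or header.
# Returns 0 when nothing is missing, 1 otherwise.
missing_packages() {
    include_dir="${1:-/usr/include}"
    missing=""
    for tool in $BUILD_TOOLS; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    for entry in $HEADER_PACKAGES; do
        header="${entry%%:*}"      # text before the colon
        package="${entry#*:}"      # text after the colon
        [ -f "$include_dir/$header" ] || missing="$missing $package"
    done
    if [ -z "$missing" ]; then
        return 0
    fi
    # Unquoted on purpose: split the list into one package per line.
    printf '%s\n' $missing
    return 1
}

# install_hint [include_dir]
# Prints the single apt-get command that fixes the preflight, or "ok".
install_hint() {
    pkgs=$(missing_packages "$1" | tr '\n' ' ')
    if [ -z "$pkgs" ]; then
        echo "ok"
    else
        echo "sudo apt-get install -y ${pkgs% }"
    fi
}
```

Run install_hint from the snort_source directory before step 5 of the DAQ part; anything it prints can be installed in one go instead of one configure failure at a time.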

Koay Yong Cett

A Bachelor's CS student majoring in Network Security (UniSZa). Every story I shared is based on my personal opinion. Thank you. Doing my internship now.