The whole process of Snort in Ubuntu is from compilation, installation to debugging.

1. Compilation is completed in Ubuntu11.04 (32bit). Ubuntu uses the default installation method. Snort uses some third-party libraries. These libraries are not installed in Ubuntu by default, so we need to manually install them. Including: libdnet-1.12, libpcap-1.0.0, pcre-8.12, zlib-1.2.5 and so on, in addition to the need to install build-essential, flex and bison package. These

I. Compilation

Compilation is completed in Ubuntu 11.04 (32bit). Ubuntu adopts the default installation method.

Snort uses some third-party libraries. These libraries are not installed in Ubuntu by default, so we need to manually install them. Including: libdnet-1.12, libpcap-1.0.0, pcre-8.12, zlib-1.2.5 and so on, in addition to the need to install build-essential, flex and bison package.

Compilation and installation of these third-party libraries are relatively simple. Generally, you only need to execute the following three commands:

./Configure
Make
Sudo make install

After the dependent packages and libraries are installed, You can compile and install snort.

. In addition, you should also download the daq source code, because snort needs to use this library during compilation. The snort official site also provides source code download. In this document, the compressed package named daq-0.5.tar.gz is 0.5. Finally, we need to download the snort rule repository because we need the snort to work in the IDS mode, which requires the corresponding intrusion detection rule repository. Fortunately, the snort official version also provides a rule repository for download, but it is divided into a paid version and a free version. You only need to register a free account to download the free version of the rule repository. The compressed package used in this document is named snortrules-snapshot-2905.tar.gz. You do not need to use a rule repository during compilation.

Next is the snort compilation process. /configure is acceptable, but some snort functions compiled in this way are not enabled and cannot meet our needs. Therefore, some configuration options must be used, as shown below:

. /Configure-enable-ipv6-enable-gre-enable-mpls-enable-targetbased-enable-decoder-preprocessor-rules-enable-ppm-enable-perfprofiling-enable-zlib-enable-active -response-enable-normalizer-enable-reload-enable-react-enable-flexresp3

After the installation is complete, use the make command for compilation. After editing, use sudo make install to complete the installation.

Below is the compilation process:

[] Snort compilation in progress

[] Snort compiled