How to install SNORT on Kali Linux

Edgar Arciniega
5 min read · Jan 11, 2024

IDS-IPS 1 — [blog series].

Snort 2.9.7.0 on Kali Linux.

The background

During my journey to enhance my skills in cybersecurity, I faced some challenges in comprehending the intricate details of essential Linux requirements, even today. Therefore, I decided to share this blog to help those of you who may be experiencing similar difficulties and continue enjoying the learning process. Welcome.

Some brief details about Snort

Snort can also be deployed inline to stop packets. Snort has three primary uses: as a packet sniffer like tcpdump, as a packet logger (useful for network traffic debugging), or as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike.

Snort 3 is not available in the Debian repositories because the versions in the mirrors might lag behind the latest scripts available on the Snort website.

You can still install Snort on Debian by downloading and installing it from the source code. The Snort team themselves recommend this method, and I will demonstrate it in my next blog of the IDS-IPS series.

Reviewing my work VMs, I found that Snort 2.9.20 is in the exclusive repositories of Parrot and Snort 2.9.15.1 in those of Ubuntu. You can validate this information with the following command in a terminal; it searches for Snort in the current sources list.

$ sudo apt search snort
Parrot in virtual machine with snort 2.9.20.
Ubuntu in virtual machine with Snort 2.9.15.1.

If we use this command on Kali Linux with the default repositories, as of the date of publication of this blog, snort will not appear and cannot be installed.

Default repositories on Kali Linux and search for Snort packages.

Disclaimer: Although both Parrot and Ubuntu are Debian-based distributions, there are reasons why each one has exclusive repositories. Any bad modification or installation of incompatible tools can compromise security or harm the system, so you should test everything in a virtual machine first (if you're using a bare-metal Debian distribution) or in a VM clone made for this purpose. We will use a repository that is not exclusive to a version of Ubuntu. Be careful and let's get started.

The installation process

In a Kali Linux terminal, run the first command below to open the file in the nano editor. If you prefer, run the second command instead to open it in mousepad, another text editor that is friendlier to new users. I will use the second.

$ sudo nano /etc/apt/sources.list
$ sudo mousepad /etc/apt/sources.list

This opens the file that lists the source repositories apt uses for updates and installations. This is where we need to add the Ubuntu repository.

The Ubuntu archive, served over HTTP, hosts the Ubuntu repositories; this is the source of packages that can be used. I listed some of them below in the corresponding format. I tested these repositories and found that Snort is only in the first one listed, where Snort 2.9.7.0 is.

deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse

#deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse

#deb http://archive.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse

Now add the source repository to the sources list file, make sure the line is not commented out with the hash symbol (#), save the file with the floppy disk icon and close it, as follows.

Sources list updated

It's time to run a test update. The system will report an error that names the public keys needed to proceed.

$ sudo apt update
The necessary public keys

In the terminal type and run the following commands to request each public key from the Ubuntu keyserver through port 80 (http).

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3B4FE6ACC0B21F32
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 871920D1991BC93C

If the process is successful, the request will return no errors, only a warning about using apt-key, because another key-management method is replacing it. I tried to import keys via trusted files with the .gpg extension but failed. (Let me know if you have information on this method.)

Keys imported successfully

It's time to repeat the test update. As you can see, there are no errors, only a warning about the keys used to update the Ubuntu repository.

$ sudo apt update
Update of kali linux system
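
The apt-key warning and the .gpg keyring approach mentioned earlier can both be handled with a dedicated keyring file. The script below is an added example, not part of the original post: used instead of the sources.list edit and the apt-key commands, it stores the two keys in a keyring referenced by signed-by and pins the Ubuntu repository below Kali's own. The file names under /etc/apt are assumptions chosen for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. File names are assumptions.
KEYRING=/etc/apt/keyrings/ubuntu-focal.gpg        # assumed keyring path
LIST=/etc/apt/sources.list.d/ubuntu-focal.list    # assumed list file
PIN=/etc/apt/preferences.d/ubuntu-focal           # assumed pin file
KEY_IDS="3B4FE6ACC0B21F32 871920D1991BC93C"       # key IDs from the post

# Write the repository entry and the pin below an optional root directory.
write_apt_config() {
    local root="${1:-}"
    mkdir -p "$root${LIST%/*}" "$root${PIN%/*}"
    # signed-by: the Ubuntu keys are trusted for this repository only.
    echo "deb [signed-by=$KEYRING] http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse" > "$root$LIST"
    # Priority 100 is below the default 500 of the Kali repositories, so a
    # focal package is chosen only when Kali offers no package of that name.
    printf 'Package: *\nPin: release o=Ubuntu\nPin-Priority: 100\n' > "$root$PIN"
}

# Fetch the keys into a throwaway GnuPG home and export them as a keyring file.
fetch_keyring() {
    local tmp
    tmp="$(mktemp -d)"
    # KEY_IDS is left unquoted on purpose so each ID is a separate argument.
    gpg --homedir "$tmp" --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $KEY_IDS
    mkdir -p "${KEYRING%/*}"
    gpg --homedir "$tmp" --export $KEY_IDS > "$KEYRING"
    gpg --show-keys "$KEYRING"   # print fingerprints for manual comparison
    rm -rf "$tmp"
}

# Run as root with the argument "apply" to change the live system.
if [ "${1:-}" = "apply" ]; then
    fetch_keyring && write_apt_config && apt update && apt policy snort
fi
```

The keys arrive over plain HTTP and are selected by short ID, so compare the fingerprints printed by `gpg --show-keys` with a source you trust before installing anything from the repository.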

Now we search for snort among the available packages.

$ sudo apt search snort
Searching snort apt packages

Found. Now we can proceed to install it.

$ sudo apt install snort
Installing snort

Type Y to continue. A prompt asking for the network will appear. You can modify this value later. Press Ok.

First snort configuration

After that, check the snort installation with the following command.

$ snort --version
Mission complete!

Indeed! I try to share my personal experience through this blog series, hoping it will also help you.

Feel free to connect here on Medium and Twitter.

https://twitter.com/eddarct

Do you have a blog? Are you in cybersecurity? Let me know. See you next time.
