Creating a Linux Virtual Machine
One of the easiest ways to set up a Linux instance to use with Snort and related tools is to create a Linux virtual machine on your computer, using available virtualization technology such as VMware, VirtualBox, or Parallels. These instructions assume the use of the free VMware Workstation Player software from VMware, but the basic process for creating a Linux virtual machine is quite similar on other virtualization platforms. Using a virtual machine has several advantages, most importantly including the fact that you don’t need to alter the setup of your Windows computer or do any disk partitioning as you would with a dual-boot configuration, nor do you need to find a “spare” computer to use to set up Linux. To go the virtual machine route, you need to get two things: the VMware Player software, and an installation image of a Linux operating system, often referred to as a “distribution.” For the purposes of these instructions, we’ll use version 14.04 of the popular Linux distribution from Ubuntu, a version designated for long-term support and that is well supported by VMware. These instructions also refer to VMware Workstation Player version 14. Please note that beginning with version 7 of VMware Player, all versions of these free VMware products (for Linux as well as Windows) require a 64-bit operating system, so if you are using a 32-bit system instead you may need to choose an alternative virtualization product that supports 32-bit systems, such as VirtualBox. The versions of Linux and other component specified in these instructions have been verified to work with multiple Windows operating systems, in 32-bit and 64-bit versions, with high-end and low-end (e.g., systems with as much as 8 GB and as little as 1 GB of RAM) hardware configurations.
- Go to https://my.vmware.com/web/vmware/downloads, find VMware Workstation Player from the list of Products (scroll down to the Desktop & End-User Computing category) and click “Download Product.” From the product download page, download VMware Workstation Player by first choosing “14.0” from the Major Version drop-down list and then clicking the “Download” button for the current Windows version of the product (14.1.1). Note that the VMware Workstation Player installer file is about 91 MB, so it may take some time to download this file depending on your connection speed.
- Go to http://www.ubuntu.com/download/desktop/, click on “Alternative downloads and torrents” and download an installation image of the Ubuntu 14.04.5 operating system. This distribution is available in 64-bit and 32-bit versions; you can choose either, but 32-bit is recommended by Ubuntu for use on a system with less than 2 GB of RAM. Note that the installer image is almost 700MB, so it may take some time to download this file. Please note: if you want to run the 64-bit version of Ubuntu Linux, you must install the 64-bit version of VMware. If you have no preference or will not need to use this Linux VM beyond working with Snort then you may want to download the 32-bit version, even if you have a 64-bit operating system on your host computer, because the 32-bit version has lower resource demands. If you use the 64-bit version, note the two places (highlighted) in the instructions on the following pages where steps differ for 64-bit and 32-bit users.
- Locate the VMware Workstation Player installation file (VMware-player-14.1.1-7528167.exe or similar filename) and launch the installer by double-clicking on it. You can accept the defaults during the installation for a typical install. You will be prompted to restart your system to complete the install.
Once you have finished installing VMware Workstation Player and you have the Ubuntu installation image saved to disk, you can launch Workstation Player and start setting up your virtual Linux image.
- From the Welcome screen, choose “Create a New Virtual Machine” and when the wizard begins, choose to install from “Installer disk image file (iso):” and browse to the Ubuntu file you downloaded to your computer. Select the iso file and when you return to the wizard, click Next.
- Enter name and user name information in the next wizard screen. Whatever you enter here is used to create a user in the Ubuntu Linux operating system, so make sure you remember or keep track of the username and password you enter here. Click Next.
- Choose a name for the new virtual machine, or accept the default “Ubuntu” provided by the wizard. By default in Windows VMware creates a directory under My Documents called “My Virtual Machines” where it stores VM files; you can change this to some other directory if you prefer, or just go with the default. Click Next.
- Specify the amount of hard disk space and memory (RAM) to allocate to your virtual machine. The numbers you choose are driven in part by what you have available on your computer, but also keep in mind that for basic Linux use or just experimenting with the OS, you likely will not need anywhere near the 20GB default the wizard suggests. However, with the graphical features of recent Ubuntu versions, you need at least 5 GB to avoid running out of disk space (implementing everything in the instructions that follow will leave you with less than 5% free space on a 5 GB virtual machine). For RAM, the default setting of 1024 MB is fine, but if your computer has 2 GB or less of memory you can reduce this further to 512 MB and still perform sufficiently for our purposes. Where possible, raising the memory allocation tends to make performance better. The memory allocated to a VM must be less than the memory installed in your host computer. Click Next.
- On the next screen you will see a summary of your VM settings, and the option to customize hardware. If you will be running the VM on the same machine where you are creating it, you should not need to customize anything, with the exception of the display settings. Choose the Display option at the bottom of the list, and uncheck “Accelerate 3D graphics.” Click Close to exit hardware customization. Click Finish to start the Linux installation in the new VM instance.
The installation process can take anywhere from a few minutes to an hour, depending on the capabilities of the system you are running and other variable factors. Please note: while it is not absolutely necessary to have an active Internet connection while running the installation, the process will proceed more smoothly if a connection is available, as Ubuntu will try to check for updates, set the system time by querying the network, and perform other functions that use a network connection if one is available. VMware installs a set of tools in all guest operating systems installed within VMware; you may see a pop-up message that a newer version of the Linux VMware Tools is available and asking you to download and update them. Follow the instructions to download and update the tools to the latest version (a process that can be done in parallel with the Ubuntu install). The VMware system installer is designed to run pretty much unattended, so the next step requiring your attention will be when you are prompted to log in to Ubuntu.
When you see the login prompt, you should use the username and password you chose when you created the new VM instance (step 2 above). By default, the system will ask you to log in as the user you already created, so you only need to enter the password. When the login process is complete, you will see the Ubuntu Desktop (shown in the screenshot below), meaning you have successfully installed the Ubuntu Linux operating system.
Shortly after logging in to Ubuntu, you will likely see a prompt notifying you that there is either a newer version of Ubuntu (the latest Ubuntu release is currently version 17.10) or that there are updates available for your version and asking if you want to update your operating system. The 14.04.5 version is both stable and reliable for our purposes and is supported by VMWare as a guest OS, and Ubuntu has given the “long term support” (LTS) designation to the 14.04 release, meaning it will be supported for at least five years from the date of its release (which was in 2014). There are, however, often kernel or security updates for any Ubuntu version and it is a good idea to keep your instance up to date. You will also likely be prompted to install security updates or other program updates for Ubuntu – these recommended updates should be accepted and installed (you will need to re-enter your password to authorize administrative changes such as updates). Look for an icon in the left-side navigation menu in the Ubuntu Desktop that looks like a cardboard box with a number on it – selecting that icon will open the Update Manager and allow you to bring the operating system up to date.
The only other preliminary steps before you begin setting up programs and configuring settings in Ubuntu are to update your distribution and to install the package manager software, which we rely on for many of the following installation steps. The Synaptic Package Manager used to be included by default in Ubuntu prior to version 11.10, but now it must be installed separately through the Software Center.
- Click anywhere inside the VMware Workstation Player window to perform actions in the virtual machine.
- By default, Ubuntu will check for updates when it first starts up, so you will likely be prompted that one or more components (including the Linux kernel) need updating. You can also start the update manager from the desktop in Ubuntu by selecting System -> Administration -> Update Manager. You may be asked to provide an “administrative password” which is just your regular user account password. Please note that the number and total size of the updates required can be quite large depending on how recently the OS image has been updated, so the update process may take some time.
- Once the updates are downloaded and installed, you may also be prompted to restart Ubuntu within the VMware Workstation Player window. You will need to log in again with your password.
- From the left-hand menu on the Ubuntu Desktop, click on the Ubuntu Software Center icon.
- When the Software Center loads, use the search bar at the upper right to search for “Synaptic”. The Synaptic Package Manager should be the first result returned in the search.
- Highlight the application in the result list and click “Install”.
- Once the installation completes, the button labeled “Install” will change to say “Remove”. Close the Software Center. You can now access the package manager from its own icon on the left-hand menu or by clicking on “Dash Home” and searching for “package manager.”