Getting and Installing Necessary Tools

Snort relies on many libraries and other program dependencies in order to build successfully from source. In most distributions of Linux, you can install each of them in one of three ways: as a pre-built package (through the Synaptic Package Manager tool in Ubuntu or similar utilities in other distributions), with apt-get from the command line, or by getting the program yourself and installing it (possibly building it from source, just as you will for Snort). As of the 2.9.11 release level of Snort, the following table lists the packages you will need, with a starting recommendation as to how you should make sure they are installed on your Linux instance. Generally speaking, you want everything here installed before going through the Snort installation instructions that follow. Some of these may already be installed (perhaps by default) on your Linux instance, but you should check for all of them.

To choose packages to install, open the Linux package manager. On Ubuntu, the quickest way to do this is to click the Package Manager icon in the left-hand menu of the Ubuntu Desktop, or to click the “Dash Home” icon at the top left of the screen, type “package manager” in the search box, and click Synaptic Package Manager. You will be prompted for your regular user password to launch the package manager. The package manager has a “Quick search” box that makes it easier to find the packages you want.

Please note: when you select many of the packages listed below, the package manager will prompt you to mark additional packages for installation. These are package dependencies, and you should accept the recommendations in the prompts. Further instructions are provided for manually installing the programs listed under the “Install manually” headings in the table.

Note: users with prior Linux experience may find it faster to install packages from the command line (terminal) using apt-get; this method can be substituted anywhere the instructions refer to using the package manager.

Snort dependencies (you need these to be able to install Snort from source)
Install using the package manager in your Linux distribution:

  • Packet capture library: libpcap0.8 and -dev package
  • Perl compatible regular expressions (PCRE) libraries: libpcre3, libpcre++0 and -dev packages
  • Fast lexical analyzer: flex
  • GNU parser generator: bison
  • GNU C/C++ compiler: g++

Install manually:

  • Data Acquisition library (DAQ): daq-2.0.6
  • Dumb networking library: libdnet
  • Snort rules: snortrules-snapshot-29111
  • Snort: snort-2.9.11.1
  • Barnyard2: barnyard2-1.13

Optional packages (needed if you intend to use Snort with other tools like MySQL and BASE)
Install using the package manager in your Linux distribution:

  • Relational database: MySQL (see Note 2 below)
    • mysql-client and mysql-client-5.5
    • mysql-server
    • libmysqld-dev and libmysql++-dev
  • HTTP/Web server: Apache2
  • PHP Hypertext Preprocessor: php5 and php5-dev
  • PHP module for Apache2: libapache2-mod-php5
  • PHP command line interpreter: php5-cli
  • PHP extension and application repository (PEAR): php-pear
  • PHP Graphics Drawing module: php5-gd
  • PHP module for using MySQL: php5-mysql
  • PHP module for optimizing ADOdb: php5-adodb
  • The zlib compression library (needed by some preprocessors): zlib1g, zlib1g-dev, zlibc

Install manually:

  • Basic Analysis and Security Engine: base-1.4.5
  • Database abstraction library for PHP: adodb-5.20.9
  • PHP graphing modules: php-image-graph and php-image-canvas

Note: When selecting packages to install using a package manager, you should also install any dependent programs/packages/files needed for each package you choose. As many as 60 packages may be installed when you click “Apply” in the package manager.
Note 2: During the package installation for MySQL, you will be prompted to create (and confirm) a root password for the MySQL database. Please choose a password you can remember or keep track of.

After you have finished installing packages, close the Package Manager. For the source file download and manual installation steps that come next, you will be working from the command shell (terminal), so click the “Dash Home” icon, type “terminal” in the search box, and click Terminal.
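
Once the terminal is open, the required packages from the “Install using the package manager” list can be checked in one pass before starting the build. The script below is an added example, not part of the original instructions; the function names and the three -dev package spellings (libpcap0.8-dev, libpcre3-dev, libpcre++-dev) are assumptions.

```sh
#!/bin/sh
# Added example: list which package-manager dependencies are not installed.

# Names from the required list above. The three -dev names are the usual
# Ubuntu spellings of the "-dev" packages it mentions (assumption).
SNORT_BUILD_DEPS="libpcap0.8 libpcap0.8-dev libpcre3 libpcre3-dev \
libpcre++0 libpcre++-dev flex bison g++"

# missing_packages PKG...
# stdin:  one "name want flag state" line per package, as printed by
#         dpkg-query -W -f='${Package} ${Status}\n'
# stdout: every PKG that is not fully installed. A package that was removed
# but left its config files behind ("deinstall ok config-files") still has
# a dpkg entry, so matching on the name alone would wrongly pass it.
missing_packages() {
    status=$(cat)
    for pkg in "$@"; do
        if ! printf '%s\n' "$status" | grep -qxF -e "$pkg install ok installed"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# install_hint: same stdin; prints the apt-get command that fills the gaps.
install_hint() {
    missing=$(missing_packages $SNORT_BUILD_DEPS | tr '\n' ' ')
    if [ -n "$missing" ]; then
        printf 'sudo apt-get install %s\n' "${missing% }"
    else
        printf 'All listed Snort build dependencies are installed.\n'
    fi
}

# Check the live system when dpkg is present (Debian/Ubuntu).
if command -v dpkg-query >/dev/null 2>&1; then
    dpkg-query -W -f='${Package} ${Status}\n' | install_hint
fi
```

Programs built from source under the “Install manually” headings are not recorded by dpkg, so this check does not cover them.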