SOC Part 1 - Snort
Part 1 - Installing Snort3 on Ubuntu
Install Ubuntu Server - Use VirtualBox to create a VM with 4GB RAM, 80GB HDD. Set the NIC to be NAT during install for internet access and SSH.
Update
After the OS is installed, update the system.
sudo apt update && sudo apt upgrade -y
Install SSH server:
sudo apt install openssh-server -y
sudo systemctl enable ssh
sudo systemctl start ssh
SSH into the server and install dependencies:
sudo apt install build-essential autoconf libtool autoconf-archive pkg-config cmake libdumbnet-dev flex bison libgoogle-perftools-dev libhwloc-dev libluajit-5.1-dev libssl-dev libpcap-dev libpcre2-dev zlib1g-dev -y
Install libDAQ (a dependency) from source:
### These commands write to /usr/local/src and /usr/local, so run them from a root shell (for example: sudo -i)
cd /usr/local/src/
wget https://github.com/snort3/libdaq/archive/refs/tags/v3.0.23.tar.gz
tar -xvzf v3.0.23.tar.gz
cd libdaq-3.0.23
./bootstrap
### Configure
./configure
### Compile
make
### Install
make install
### Update library cache
ldconfig
Install Snort from source:
cd ..
wget https://github.com/snort3/snort3/archive/refs/tags/3.10.0.0.tar.gz
tar -xvzf 3.10.0.0.tar.gz
cd snort3-3.10.0.0
./configure_cmake.sh --prefix=/usr/local/snort
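The two wget steps above fetch the libdaq and Snort tarballs, which are then built and installed with root privileges. As an added example (not part of the original post), these shell functions check a tarball's SHA-256 against a digest you obtained from a source you trust, and confirm that every archive member sits under the expected top-level directory, before extracting. The function names are hypothetical and no real digest is supplied.

```shell
# Added example: verify a downloaded source tarball before building it as root.
# Usage (the digest is a placeholder you must fill in from a trusted source):
#   verify_and_extract v3.0.23.tar.gz "<sha256>" libdaq-3.0.23 /usr/local/src

# check_sha256 FILE EXPECTED_HEX -> 0 only if the file's SHA-256 matches.
check_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    have=$(sha256sum < "$1" | cut -d' ' -f1)
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# check_members FILE TOPDIR -> 0 only if every member is TOPDIR or below it,
# with no absolute paths and no ".." components.
check_members() {
    list=$(tar -tzf "$1") || return 2
    while IFS= read -r entry; do
        case $entry in
            /*|..|../*|*/..|*/../*) return 1 ;;  # absolute or escaping path
            "$2"|"$2"/*) ;;                      # inside the expected directory
            *) return 1 ;;                       # stray entry (or empty archive)
        esac
    done <<EOF
$list
EOF
}

# verify_and_extract FILE EXPECTED_HEX TOPDIR DESTDIR
# Extracts only after both checks pass; --no-same-owner stops a root-run tar
# from restoring the uid/gid recorded inside the archive.
verify_and_extract() {
    check_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    check_members "$1" "$3" || { echo "unexpected member in: $1" >&2; return 1; }
    tar -xzf "$1" -C "$4" --no-same-owner
}
```

A non-zero return means the archive was not extracted; stop there rather than continuing to ./bootstrap or ./configure_cmake.sh.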
Compile Snort:
cd build
make -j$(nproc)
The -j$(nproc) part tells make to use all your CPU cores for faster compilation.
Install Snort:
make install
Auditing
Verify installation:
/usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua -T
Network scanning and vulnerability assessment: Use tools like Nmap to scan for open ports, services, operating systems.
Configuration review: Examine system configuration files (e.g., /etc/ssh/sshd_config, /etc/snort/snort.conf) to ensure proper configuration and compliance with security best practices.
By following this guide, you’ll gain a solid foundation for installing Snort3 on an Ubuntu Server.
This post is licensed under CC BY 4.0 by the author.