If you are new to the Linux command line and IDS/IPS software, you may not be surprised to learn that installing Snort, an open source IDS/IPS solution, is NOT straightforward.
In this blog post I am going to get straight to the point and give you the commands you need to know to successfully install Snort on Ubuntu.
Take a note of your IP address
$ ip a
$ sudo apt update && sudo apt install snort
Add any custom rules to the Snort local.rules file
$ sudo nano /etc/snort/rules/local.rules
Go to the bottom of the file and add any custom rules, for example:
alert icmp any any -> any any (msg: "YOUR CUSTOM MESSAGE"; sid:1000001;)
Close nano with CTRL+X, then press Y to save
$ sudo systemctl status snort.service
Check the logs:
$ sudo tail /var/log/snort/snort.alert.fast
Now run Snort LIVE and monitor the console (replace enp0s3 with your own interface name, as shown by ip a)
$ sudo snort -A console -q -u snort -c /etc/snort/snort.conf -i enp0s3
Now ping the Ubuntu machine and watch the terminal
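To confirm that the custom rule (sid:1000001) actually fired after the ping, the fast alert log can be filtered by rule ID. This is an added example, not part of the original post; the function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Constructed sample lines in Snort's "fast" alert format (not real traffic).
sample_alerts() {
cat <<'EOF'
01/15-10:23:45.123456  [**] [1:1000001:0] YOUR CUSTOM MESSAGE [**] [Priority: 0] {ICMP} 192.168.1.10 -> 192.168.1.20
01/15-10:23:45.123789  [**] [1:1000001:0] YOUR CUSTOM MESSAGE [**] [Priority: 0] {ICMP} 192.168.1.20 -> 192.168.1.10
01/15-10:23:46.124001  [**] [1:1000001:0] YOUR CUSTOM MESSAGE [**] [Priority: 0] {ICMP} 192.168.1.10 -> 192.168.1.20
01/15-10:24:02.500000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.20
this line is truncated and should be ignored
EOF
}

# alerts_for_sid SID (hypothetical helper): read fast-format alerts on stdin
# and print "timestamp {PROTO} src -> dst" for each alert raised by rule SID.
alerts_for_sid() {
    awk -v sid="$1" '
        # The rule id appears as [gid:sid:rev]; compare the sid field only.
        match($0, /\[[0-9]+:[0-9]+:[0-9]+\]/) {
            split(substr($0, RSTART + 1, RLENGTH - 2), id, ":")
            if (id[2] != sid) next
            # A complete alert ends with: {PROTO} src -> dst
            if (NF < 4 || $(NF-1) != "->") next
            print $1, $(NF-3), $(NF-2), "->", $NF
        }'
}

# sources_for_sid SID (hypothetical helper): count alerts per source
# address for rule SID, busiest source first.
sources_for_sid() {
    alerts_for_sid "$1" |
        awk '{ n[$3]++ } END { for (s in n) print n[s], s }' |
        sort -rn
}
```

On the Ubuntu machine, feed the real log in with `sudo cat /var/log/snort/snort.alert.fast | alerts_for_sid 1000001`.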