A command-line network intrusion detection system
Command Line – Snort

© Photo by Jack Seeds on Unsplash
Snort lets you protect your network from intruders with a customizable ruleset.
Snort [1] is one of the oldest and most reliable network intrusion detection systems. Founded in 1998 by Martin Roesch, then the CTO of Sourcefire, Snort quickly became so popular that in 2009 InfoWorld declared it one of the top 36 pieces of free software [2]. Like the definitions in a virus detector, Snort relies on a series of rules to detect all known means of compromising a system. It is not difficult to install, but it requires preparation, and, the more customization, the more time-consuming your installation will be. What follows are instructions for a minimal installation for Debian-like distributions, which should be good enough for many users, especially on standalone machines.
To get the very latest protection, install Snort from source [3], using the usual ./configure
, make
, and install
commands. Most distributions also offer a package, although the package is often older than the latest version. However, in a mature application such as Snort, the differences between versions are apt to be minimal, and the rules you install are probably more important. Whichever version you use, you might want to create a Snort group and user solely for running the app, just for added protection. In addition, before installation, gather the necessary information (Figure 1) by running:
ip a
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News
-
AerynOS Alpha Release Available
With a choice of several desktop environments, AerynOS 2025.08 is almost ready to be your next operating system.
-
AUR Repository Still Under DDoS Attack
Arch User Repository continues to be under a DDoS attack that has been going on for more than two weeks.
-
RingReaper Malware Poses Danger to Linux Systems
A new kind of malware exploits modern Linux kernels for I/O operations.
-
Happy Birthday, Linux
On August 25, Linux officially turns 34.
-
VirtualBox 7.2 Has Arrived
With early support for Linux kernel 6.17 and other new additions, VirtualBox 7.2 is a must-update for users.
-
Linux Mint 22.2 Beta Available for Testing
Some interesting new additions and improvements are coming to Linux Mint. Check out the Linux Mint 22.2 Beta to give it a test run.
-
Debian 13.0 Officially Released
After two years of development, the latest iteration of Debian is now available with plenty of under-the-hood improvements.
-
Upcoming Changes for MXLinux
MXLinux 25 has plenty in store to please all types of users.
-
A New Linux AI Assistant in Town
Newelle, a Linux AI assistant, works with different LLMs and includes document parsing and profiles.
-
Linux Kernel 6.16 Released with Minor Fixes
The latest Linux kernel doesn't really include any big-ticket features, just a lot of lines of code.