Download

1 OBTAINING SUPERUSER (ROOT) PRIVILEGES

Installation of Snort and Snowl at Ubuntu requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):

sudo su -

2 SNOWL AUTOMATIC INSTALLATION SCRIPT

All necessary steps for installing Snort, Snowl, described below are united into a script, you can download and run using the following command:

wget https://snowl.io/download/snowl-install-ubuntu.sh && bash ./snowl-install-ubuntu.sh

The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:

Install Snowl?
Install Snowl-sensor?

answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.

After the script is completed, proceed to step 5 – VERIFY INSTALLATION.

3 SNOWL INSTALLATION

The following instructions have to be followed on the PC where Snowl graphical interface will be installed.

A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.

Apache installation

apt install apache2

Nginx installation

apt install nginx

Run the following commands to install Snowl:

wget https://snowl.io/download/snowl_1.7.1_amd64.deb && dpkg -i ./snowl_1.7.1_amd64.deb

Configure a web server for working with Snowl. For this purpose, do the following:

/opt/snowl/snowl-configure-httpd

This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.

4 INSTALLATION OF SNOWL SENSOR

The following instructions have to be followed on the PC on which Snowl sensor will be installed.

At the first stage, install Snort deb-packages and dependencies. Unfortunately, only Snort 2.9.7 version is available in the original Ubuntu repository that is not supported by Snort design team anymore which can cause some difficulties when searching for a ruleset compatible with this version.
Snowl design team reformed deb-packages of the latest stable Snort version and placed them in Ubuntu repository at
https://launchpad.net/~snowl/+archive/ubuntu/snort.

If you already have Snort installed and working, make sure you are using the latest stable version

In order to install Snort from our repository, run the following commands:

add-apt-repository ppa:snowl/snort
apt-get update
apt install -y snort

We recommend disabling autorun with Snort commands described below. Snowl will control starting and stopping.

systemctl stop snort
systemctl disable snort

In order to install Snowl sensor, run:

wget https://snowl.io/download/snowl-sensor_1.7.1_amd64.deb && dpkg -i ./snowl-sensor_1.7.1_amd64.deb

Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:

/opt/snowl-sensor/snowl-snort fix

This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.

5 Verify Installation

In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:

1 OBTAINING SUPERUSER (ROOT) PRIVILEGES

Installation of Snort and Snowl at Debian requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):

su

2 SNOWL AUTOMATIC INSTALLATION SCRIPT

All necessary steps for installing Snort, Snowl, described below are united into a script, you can download and run using the following command:

wget https://snowl.io/download/snowl-install-debian.sh && bash ./snowl-install-debian.sh

The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:

Install Snowl?
Install Snowl-sensor?

answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.

After the script is completed, proceed to step 5 – VERIFY INSTALLATION.

3 SNOWL INSTALLATION

The following instructions have to be followed on the PC where Snowl graphical interface will be installed.

A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.

Apache installation

apt install apache2

Nginx installation

apt install nginx

Snowl will use command sudo to run its own process under user snowl (to limit rights to the minimum required). So you need to install sudo:

apt install sudo

Run the following commands to install Snowl:

wget https://snowl.io/download/snowl_1.7.1_amd64.deb && dpkg -i ./snowl_1.7.1_amd64.deb

Configure a web server for working with Snowl. For this purpose, do the following:

/opt/snowl/snowl-configure-httpd

This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.

4 INSTALLATION OF SNOWL SENSOR

The following instructions have to be followed on the PC on which Snowl sensor will be installed.

At the first stage, install Snort deb-packages and dependencies. Unfortunately, only Snort 2.9.7 version is available in the original Debian repository that is not supported by Snort design team anymore which can cause some difficulties when searching for a ruleset compatible with this version.
Snowl design team reformed deb-packages of the latest stable Snort version and placed them in Debian repository at https://packages.snowl.io

If you already have Snort installed and working, make sure you are using the latest stable version

In order to install Snort from our repository, run the following commands (apt-key will use command gpg, so you need to install gnupg as shown bellow):

apt install gnupg
wget -O - https://packages.snowl.io/keyfile | apt-key add -
echo 'deb [arch=amd64] https://packages.snowl.io/debian buster main' > /etc/apt/sources.list.d/snowl-team.list
apt update -y

We recommend disabling autorun with Snort commands described below. Snowl will control starting and stopping.

systemctl stop snort
systemctl disable snort

Snowl-sensor will use command sudo to run its own process under user snowl (to limit rights to the minimum required). So you need to install sudo:

apt install sudo

In order to install Snowl sensor, run:

wget https://snowl.io/download/snowl-sensor_1.7.1_amd64.deb && dpkg -i ./snowl-sensor_1.7.1_amd64.deb

Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:

/opt/snowl-sensor/snowl-snort fix

This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.

5 Verify Installation

In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:

1 OBTAINING SUPERUSER (ROOT) PRIVILEGES

Installation of Snort and Snowl at Ubuntu requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):

su

2 SNOWL AUTOMATIC INSTALLATION SCRIPT

All necessary steps for installing Snort, Snowl, described below are united into a script, you can download and run using the following command:

curl -sL https://snowl.io/download/snowl-install-centos.sh > snowl-install-centos.sh && bash ./snowl-install-centos.sh

The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:

Install Snowl?
Install Snowl-sensor?

answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.

After the script is completed, proceed to step 5 – VERIFY INSTALLATION

3 SNOWL INSTALLATION

The following instructions have to be followed on the PC where Snowl graphical interface will be installed.

A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.

Apache installation

Important: the official repository of CentOS has obsolete Apache from 2013 year, for the correct operation Snowl a more recent version is required. You can install the latest version of apache2 from the CodeIT repository:

cd /etc/yum.repos.d && \
curl -L https://repo.codeit.guru/codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo -o codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo

yum install -y httpd
systemctl enable httpd
systemctl start httpd

Nginx installation

yum install -y epel-release
yum install -y nginx
systemctl enable nginx
systemctl start nginx

Run the following commands to install Snowl:

yum install -y https://snowl.io/download/snowl-1.7.1-1.x86_64.rpm

Configure a web server for working with Snowl. For this purpose, do the following:

/opt/snowl/snowl-configure-httpd

This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.

4 INSTALLATION OF SNOWL SENSOR

The following instructions have to be followed on the PC on which Snowl sensor will be installed.

At the first stage, install Snort deb-packages and dependencies.
If you already have Snort installed and working, make sure you are using the latest stable version.

In order to install Snort, run the following commands:

yum install -y epel-release
yum install -y libpcap
yum install -y libnghttp2
yum install -y libdnet
yum install -y https://www.snort.org/downloads/snort/snort-2.9.15-1.centos7.x86_64.rpm

Then do small fix:

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

In order to install Snowl sensor, run:

yum install -y https://snowl.io/download/snowl-sensor-1.7.1-1.x86_64.rpm

Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:

/opt/snowl-sensor/snowl-snort fix

This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.

5 Verify Installation

In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:

1 OBTAINING SUPERUSER (ROOT) PRIVILEGE

Installation of Snort and Snowl at Ubuntu requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):

su

2 SNOWL AUTOMATIC INSTALLATION SCRIPT

All necessary steps for installing Snort, Snowl, described below are united into a script you can download and run using the following command:

curl -sL https://snowl.io/download/snowl-install-fedora.sh > snowl-install-fedora.sh && bash ./snowl-install-fedora.sh

The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:

Install Snowl?
Install Snowl-sensor?

answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.

After the script is completed, proceed to step 5 – VERIFY INSTALLATION.

3 SNOWL INSTALLATION

The following instructions have to be followed on the PC where Snowl graphical interface will be installed.

A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.

Apache installation

dnf install -y httpd
systemctl enable httpd
systemctl start httpd

Nginx installation

dnf install -y nginx
systemctl enable nginx
systemctl start nginx

Run the following commands to install Snowl:

dnf install -y https://snowl.io/download/snowl-1.7.1-1.x86_64.rpm

Configure a web server for working with Snowl. For this purpose, do the following:

/opt/snowl/snowl-configure-httpd

This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.

4 INSTALLATION OF SNOWL SENSOR

The following instructions have to be followed on the PC on which Snowl sensor will be installed.

At the first stage, install Snort deb-packages and dependencies.
If you already have Snort installed and working, make sure you are using the latest stable version.

In order to install Snort, run:

dnf install -y libpcap
dnf install -y libnghttp2
dnf install -y libdnet
dnf install -y https://www.snort.org/downloads/snort/snort-2.9.15-1.f29.x86_64.rpm

Then do small fix:

ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1

In order to install Snowl sensor, run:

dnf install -y https://snowl.io/download/snowl-sensor-1.7.1-1.x86_64.rpm

Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:

/opt/snowl-sensor/snowl-snort fix

This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.

5 Verify Installation

In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar: