Installing Snort 3.0 (SnortSP) Beta 3 on Ubuntu 8.04 in 3 Steps

Snort 3.0 Beta 3 was released on April 1. You can read an overview of the changes in Snort 3.0 Beta 3 in the mailing list announcement. For more details on the underlying architectural changes in Beta 3, see Marty Roesch's blog. Thanks to Marty and the rest of the Snort 3 Development Team for their hard work in this release!

Installing Snort 3.0 Beta 3 on Ubuntu 8.04 is almost identical to installing Snort 3.0 Beta 2 on Ubuntu 8.04. However, I did have an issue with the Snort 2.8 Detection Engine not compiling correctly. This turned out to be libtool not liking the fact that /bin/sh was symlinked to /bin/dash instead of /bin/bash. The one-line fix was:

rm /bin/sh && ln -s /bin/bash /bin/sh

(Special thanks to Russ Combs of the SnortSP development team for his assistance with this issue.)

Here's the complete install recipe that worked for me:

Step 1: Get root privileges

##########################
sudo -i
##########################

Step 2: Install dependencies

##########################
aptitude update
aptitude -y install build-essential \
libdumbnet1 libdumbnet-dev \
uuid uuid-dev \
libncurses5 libncurses5-dev \
libreadline5 libreadline5-dev \
libpcap0.8 libpcap0.8-dev \
libpcre3 libpcre3-dev \
liblua5.1-0 liblua5.1-0-dev \
flex bison
##########################

Step 3: Download, compile, and install Snort 3.0 Beta 3

##########################
rm /bin/sh && ln -s /bin/bash /bin/sh
cd /usr/local/src/
wget http://www.snort.org/dl/prerelease\
/3.0.0b3/snortsp-3.0.0b3.tar.gz
tar zxvf snortsp-3.0.0b3.tar.gz
cd snortsp-3.0.0b3/
./configure
make
make install
mkdir /etc/snortsp/
cp etc/* /etc/snortsp/
cd src/analysis/snort/
./configure \
--with-platform-includes=/usr/local/include \
--with-platform-libraries=/usr/local/lib
make
make install
ldconfig
##########################