Lab 6
Chapter 12
🐧 Linux

Snort IDS Configuration

Install and configure Snort in IDS mode to detect suspicious network activity.

📋 Tasks

1 Install Snort
sudo apt install snort -y
2 View the default Snort configuration (non-comment lines)
grep -v '^#' /etc/snort/snort.conf | grep -v '^$' | head -20
3 Create a custom Snort rule that detects ICMP echo requests (pings) and append it to local.rules
echo 'alert icmp any any -> any any (msg:"ICMP Ping Detected"; itype:8; sid:1000001; rev:1;)' | sudo tee -a /etc/snort/rules/local.rules
4 Test the Snort configuration
sudo snort -T -c /etc/snort/snort.conf
5 Run Snort in IDS mode (simulated), printing alerts to the console; substitute your own interface name from `ip link` if it is not eth0
sudo snort -A console -q -c /etc/snort/snort.conf -i eth0
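
Before running task 4, it helps to know what `snort -T` will reject in a rule file. The linter below is an added example for this lab page, not code from Snort or from the lab itself: it parses rules in the local.rules format used in task 3 (header `action proto src sport dir dst dport (options)`, options ending in `;`) and reports the mistakes that most often break a custom rule: a malformed header, a missing `msg`, `sid` or `rev`, a sid below the local range that starts at 1000000, and a sid reused by two rules. The sample rules file is constructed for this example; besides the lab's ICMP rule it contains a hypothetical SSH rule that uses `detection_filter` so it fires only after five SYNs from one source within a minute, plus four deliberately broken lines.

```python
"""Lint a Snort 2.x rules file (e.g. /etc/snort/rules/local.rules) before `snort -T`.
Added example for this lab page; not part of Snort or of the lab itself."""
import re
import sys

# Snort reserves sids below 1,000,000 for distributed rulesets; local rules
# start at 1,000,000 so they never collide with upstream sids.
LOCAL_SID_MIN = 1_000_000
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}
PROTOS = {"tcp", "udp", "icmp", "ip"}

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def split_options(body):
    """Split 'msg:"a; b"; sid:1;' into {"msg": '"a; b"', "sid": "1"}.
    A ';' inside double quotes (or backslash-escaped) does not end an option and
    every option must end with ';'.  Repeated names (e.g. content) keep the last value."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\" and in_quote:
            cur.append(ch)
            escaped = True
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            in_quote ^= ch == '"'
            cur.append(ch)
    if in_quote:
        raise ValueError("unterminated quote in options")
    if "".join(cur).strip():
        raise ValueError("last option is missing its trailing ';'")
    parsed = {}
    for opt in filter(None, opts):
        name, _, value = opt.partition(":")
        parsed[name.strip()] = value.strip()
    return parsed


def parse_rule(line):
    """Parse one rule into a dict of header fields plus 'options'; ValueError on syntax errors."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("header is not 'action proto src sport dir dst dport (options)'")
    if m["action"] not in ACTIONS:
        raise ValueError(f"unknown action {m['action']!r}")
    if m["proto"] not in PROTOS:
        raise ValueError(f"unknown protocol {m['proto']!r}")
    rule = m.groupdict()
    rule["options"] = split_options(rule.pop("opts"))
    return rule


def validate_rules(text):
    """Return [(line_number, problem), ...] for a whole rules file; [] means clean."""
    issues, seen_sids = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts = parse_rule(line)["options"]
        except ValueError as exc:
            issues.append((lineno, f"parse error: {exc}"))
            continue
        for required in ("msg", "sid", "rev"):
            if required not in opts:
                issues.append((lineno, f"missing required option '{required}'"))
        sid = opts.get("sid")
        if sid is None:
            continue
        if not sid.isdigit():
            issues.append((lineno, f"sid is not numeric: {sid!r}"))
            continue
        sid_n = int(sid)
        if sid_n < LOCAL_SID_MIN:
            issues.append((lineno, f"sid {sid_n} is below the local range (>= {LOCAL_SID_MIN})"))
        if sid_n in seen_sids:
            issues.append((lineno, f"duplicate sid {sid_n} (first seen on line {seen_sids[sid_n]})"))
        else:
            seen_sids[sid_n] = lineno
    return issues


# Constructed sample rules file: the lab's ICMP rule, a hypothetical SSH
# brute-force rule using detection_filter, and four deliberately broken lines.
SAMPLE_LOCAL_RULES = """\
# constructed local.rules for this example
alert icmp any any -> any any (msg:"ICMP Ping Detected"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"SSH brute-force attempt"; flow:to_server; flags:S; detection_filter:track by_src, count 5, seconds 60; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"reused sid"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"sid in reserved range"; sid:42; rev:1;)
alert tcp any any -> any 443 (msg:"no rev"; sid:1000003;)
alert icmp any -> any any (msg:"missing source port"; sid:1000004; rev:1;)
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCAL_RULES
    for lineno, problem in validate_rules(text):
        print(f"line {lineno}: {problem}")
```

Run it as `python3 lint_rules.py /etc/snort/rules/local.rules` (the file name is this example's own) to check the file from task 3; with no argument it lints the built-in sample and reports the four broken lines. It only checks structure, so a rule that parses cleanly here can still be rejected by `snort -T` for an option Snort does not know, which is why task 4 stays in the procedure.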

🤔 Reflection

How would you write a rule to detect SSH brute-force attempts?