Seeking Guidance on Setting up snort for Intrusion Detection and Prevention

I’ve installed snort version 2.9.20 via the unstable channel.

When looking for the configuration file snort.conf, I couldn’t find it anywhere.
command: sudo find / -type f -name "snort.conf" 2>/dev/null
result: nothing

Do I create it in the same location /etc/snort/snort.conf using home.file?

Or is it recommended to make a flake for snort version 3?

If you are using nix the package-manager on any other distro then nix, yes just create the file.

On nixos if you install a package you only install the binary/s, shell-completions and sometimes other files but basically never configs. For that we use modules, but there doesn’t seem to be a snort module: NixOS Search
You can do it in an imperative manner by just creating the file locally on your machine or you can write a module for snort.

Are you already familiar with snort in general?

I am using nixos and installed it via configuration.nix.

I just need to create the config file which is good to know.

In terms of knowing snort it is my first time but, I should be good with their documentation.

Might try to make a flake for snort 3 in the future but, for now I’ll create the config.

Thank you for you help.

If you want the file to be specified in your nixos config you can do so by putting this in your config:

      environment.etc."snort.conf".source = pkgs.writeTextFile {
        name = "snort.conf";
        text = ''
          your config text here.