Introduction

BeSLab is an open source security lab blueprint dedicated to fortifying open source projects, models and training datasets against potential vulnerabilities. Designed to operate efficiently even in low-resource settings, BeSLab provides a comprehensive solution that grants complete control and transparency to application security and security operations teams.

Types of BeSLab
1. Private Lab - Lab hosted privately inside an organization’s private code collaboration platform
2. Public Lab - Lab hosted in a community namespace of a public code collaboration platform like GitHub
3. Personal Lab - Lab hosted privately within an individual’s laptop or a virtual machine

This playbook outlines the steps for seeding a Private Lab on a single Linux machine. At the end of this playbook's execution, you will have a BeSLab instance provisioned with the following set of components.
1. A Code Collaboration Platform (For Instance, GitLab CE)
2. BeSLighthouse
3. BLIman
4. BeSman
5. NPM
6. NodeJS

Prerequisites
1. Ubuntu VM - Minimum 4vCPU, 8GB RAM, 16GB Disk Space
2. Python
3. Bash
4. PIP
5. Jupyter Notebook:
Needed only if you want to run this playbook as a notebook. Alternatively, you can set up the lab by manually running all the commands listed in this playbook in the same order.
6. AWS Specific Configurations:
An AWS VM installed with Ubuntu 22.04 contains some AWS-specific packages that are installed at older versions, so the system pops up warning messages about those packages and about the kernel being an old version. These pop-ups hamper the non-interactive installation of BeSLab. To suppress these warnings during installation, follow the steps below.
Open the file “/etc/needrestart/needrestart.conf”.
Change the following parameters (uncomment both lines and switch the restart mode from interactive 'i' to automatic 'a'):
#$nrconf{restart} = 'i'; to $nrconf{restart} = 'a';
#$nrconf{kernelhints} = -1; to $nrconf{kernelhints} = -1;
Save and exit the file.
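
The two needrestart.conf changes above can be scripted so that the edit is repeatable and leaves a rollback copy. This is an added example, not part of the original playbook or the BeSLab project; the function names and the .bak backup suffix are assumptions, and the demo runs on a constructed sample file rather than the real /etc/needrestart/needrestart.conf.

```shell
#!/usr/bin/env bash
# Added example, not part of the playbook. Function names are hypothetical.

# set_nrconf FILE KEY VALUE
# Replace "$nrconf{KEY} = ...;" (commented out or not) or append it if absent.
set_nrconf() {
    file=$1; key=$2; value=$3
    pattern="^[[:space:]]*#?[[:space:]]*[\$]nrconf[{]${key}[}][[:space:]]*=.*"
    line="\$nrconf{${key}} = ${value};"
    tmp=$(mktemp) || return 1
    if grep -Eq "$pattern" "$file"; then
        sed -E "s|${pattern}|${line}|" "$file" > "$tmp"
    else
        { cat "$file"; printf '%s\n' "$line"; } > "$tmp"
    fi
    cat "$tmp" > "$file"    # write in place: owner and mode stay unchanged
    rm -f "$tmp"
}

# nrconf_value FILE KEY: print the active (uncommented) value, if any.
nrconf_value() {
    sed -n -E "s|^[[:space:]]*[\$]nrconf[{]$2[}][[:space:]]*=[[:space:]]*(.*);.*|\1|p" "$1" | tail -n 1
}

# apply_beslab_needrestart [FILE]: the two changes listed in the playbook.
apply_beslab_needrestart() {
    conf=${1:-/etc/needrestart/needrestart.conf}
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }
    # Keep the first pristine copy for rollback; never overwrite it on re-runs.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    # 'i' (interactive prompt) -> 'a' (restart services automatically)
    set_nrconf "$conf" restart "'a'" || return 1
    # uncomment kernelhints = -1, as the playbook specifies
    set_nrconf "$conf" kernelhints "-1"
}

# Demo on a constructed sample file, not the real /etc/needrestart one.
demo_dir=$(mktemp -d)
cat > "$demo_dir/needrestart.conf" <<'EOF'
# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
#$nrconf{restart} = 'i';
#$nrconf{kernelhints} = -1;
EOF
apply_beslab_needrestart "$demo_dir/needrestart.conf"
echo "restart=$(nrconf_value "$demo_dir/needrestart.conf" restart)" \
     "kernelhints=$(nrconf_value "$demo_dir/needrestart.conf" kernelhints)"
rm -rf "$demo_dir"
```

On the lab VM, call apply_beslab_needrestart as root with no argument to edit the real file; the untouched original stays beside it with the .bak suffix.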

Steps to install Jupyter (If not present already):

If Jupyter Notebook is not already installed on the system, follow the steps below to install it.
1. Update and upgrade the system. Execute the following command.
>> sudo apt-get update && sudo apt-get -y upgrade
2. Install PIP (if not installed already)
>> sudo apt-get -y install python3-pip
3. Install Jupyter
>> sudo python3 -m pip install jupyter
4. Generate Jupyter Notebook configuration.
>> jupyter notebook --generate-config
5. Open Jupyter Notebook configuration at “$HOME/”
>> vi $HOME/.jupyter/jupyter_notebook_config.py
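6. Change the following and save:
   c.ServerApp.ip = 'localhost' to c.ServerApp.ip = '0.0.0.0'
   Uncomment c.ServerApp.open_browser = False
   With ip set to '0.0.0.0' the notebook server listens on all network interfaces, which is what lets you reach it from a browser on another machine; access is then gated by the login token, so restrict the port to trusted source addresses.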
7. Save and close the file.
 
Executing Jupyter Playbook

To execute the Jupyter playbook, start Jupyter Notebook from a terminal and upload this notebook to it.
Start Jupyter Notebook:
cd to the /opt folder.
Execute jupyter notebook --allow-root
Note the port number and token displayed on screen.
Open the browser and enter “<machine IP>:<port captured above>”. It will open the Jupyter Notebook UI.
Enter the token captured above into the input field shown and click on the Sign In button. This will open the Jupyter Notebook page.
Upload this notebook using the Upload button.

1. Download the bliman setup script.

In [1]:
!curl -o bliman_setup.sh https://raw.githubusercontent.com/Be-Secure/BLIman/main/bliman_setup.sh; chmod +x bliman_setup.sh;

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18316  100 18316    0     0  45694      0 --:--:-- --:--:-- --:--:-- 45675


2. Execute bliman setup.

In [2]:
!./bliman_setup.sh install

Installing BLIman from https://github.com//Be-Secure/BLIman.git
Cloning into '/tmp/BLIman'...
remote: Enumerating objects: 960, done.
remote: Counting objects: 100% (593/593), done.
remote: Compressing objects: 100% (280/280), done.
remote: Total 960 (delta 307), reused 441 (delta 241), pack-reused 367
Receiving objects: 100% (960/960), 989.02 KiB | 2.16 MiB/s, done.
Resolving deltas: 100% (374/374), done.
Installing default genesis file ...
Genesis file path not provided.
Downloading default genesis file from Be-Secure community.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9021  100  9021    0     0  23313      0 --:--:-- --:--:-- --:--:-- 23310
BLIMAN DIRECTORY is set to : /root/.bliman
Create distribution directories...
 BBBBBBBBBBBBBBBBB   LLLLLLLLLLL             IIIIIIIIIIMMMMMMMM               MMMMMMMM               AAA               NNNNNNNN        N

3. Verify the installation of bliman.

In [3]:
!source /root/.bliman/bin/bliman-init.sh; bli help

NAME
   bli - The cli for BeSLab

SYNOPSIS
   bli [command] [options]

DESCRIPTION
   BLIman (pronounced as ‘B-L-I-man’) is a command-line utility designed for creating and provisioning
   the BeSLab in Host/Bare/lite mode.  It helps security professionals to reduce the turn around time
   for assessment of Open Source projects, AI Models, Model Datasets leaving them focus on the assess-
   ment task rather than setting up environment for it. BLIman also provides seamless support for the
   installation of tools and utilities needed for the security professional for assessing different OSS
   projects, AI models, Training datasets, documents and attest and publish the assement reports.

COMMANDS
   help: Display the help command                                            

4. Modify the Genesis file as required or use the default genesis file.

5. Load the genesis file.

In [11]:
!source /root/.bliman/bin/bliman-init.sh; bli load

Genesis file path is not set checking file at default locations i.e PWD or /root/.bliman directory

Using genesis file found at /opt.

Loading Genesis file ...
export BESLAB_CODECOLLAB_DATASTORES=besecure-assessment-datastore,besecure-assets-store,besecure-ml-assessment-datastore
Genesis file is loaded successfully!!

Execute "bli initmode <modename>" to set the beslab mode to install.
   use "bli help initmode" for more information.



6. Initialize lite mode.

In [12]:
!source /root/.bliman/bin/bliman-init.sh; bli initmode lite

##############################################################################
                       Setting lab mode as lite
##############################################################################

candidate lite is available to install.

candidate lite is not installed already.
candidate lite will be installed.
 ########  ########  ######  ##          ###    ########   
 ##     ## ##       ##    ## ##         ## ##   ##     ##  
 ##     ## ##       ##       ##        ##   ##  ##     ##  
 ########  ######    ######  ##       ##     ## ########   
 ##     ## ##             ## ##       ######### ##     ##  
 ##     ## ##       ##    ## ##       ##     ## ##     ##  
 ########  ########  ######  ######## ##     ## ########   

 ##       #### ########  ########  
 ##        ##     ##     ##        
 ##        ##     ##     ##        
 ##        ##     ##     ######    

7. Verify lite mode is set.

8. Verify besman is installed.

In [6]:
!source /root/.bliman/bin/bliman-init.sh; source /root/.besman/bin/besman-init.sh; bes help

NAME
   bes - The cli for BeSman

SYNOPSIS
   bes [command] [options] [ [environment name] | [playbook name] | [version] ]

DESCRIPTION
   BeSman (pronounced as ‘B-e-S-man’) is a command-line utility designed for creating and provisioning customized security environments.
   It helps security professionals to reduce the turn around time for assessment of Open Source projects, AI Models, Model Datasets
   leaving them focus on the assessment task rather than setting up environment for it.
   BeSman also provides seamless support for creating and executing BeS playbooks, enabling users to automate complex workflows and tasks.
   With BeSman, users can efficiently manage and execute playbooks, streamlining their processes and enhancing productivity.

COMMANDS
   help: Display the help command 
   list: List available environments, playbooks, roles. 
   install: Install available environments. 
   uninstall: Uninstall the installed en

9. Launch the lab installation.

In [13]:
!source /root/.bliman/bin/bliman-init.sh; source /root/.besman/bin/besman-init.sh; bli launchlab;

BLIMAN is going to install following lab components as configured in genesis file.
    LAB TYPE = private
    LAB MODE = lite
    LAB NAME = O31E
    CODE COLLABORATION TOOL = gitlab-ce
    CODE COLLABORATION TOOL VERSION = 16.2.1
    CODE COLLABORATION DATASTORES = besecure-assessment-datastore,besecure-assets-store,besecure-ml-assessment-datastore
    DASHBOARD TOOL = beslighthouse
    DASHBOARD TOOL VERSION = 0.17.5
Installing beslab in lite mode
BeSman found.
Set BeSMan environment.
Variable 'BESMAN_LOCAL_ENV' value updated to 'true'
Variable 'BESMAN_LOCAL_ENV_DIR' value updated to '/root/.beslab'
Variable 'BESMAN_ENV_REPOS' value updated to 'Be-Secure/BeSLab'
Installing JQ for JSON response readings.
/usr/bin/jq
Cloning into '/tmp/beslab'...
remote: Enumerating objects: 653, done.
remote: Counting objects: 1

10. Open the browser and enter "http://10.10.10.10/". The GitLab login page should be displayed.
    (Note: change the IP to the public IP of the server)
12. Clone the assets store repo from GitLab using "http://10.10.10.10/O31E/besecure-assets-store.git"
    (Note: change the IP to the public IP of the server)
14. Create a directory named "Be-Secure".
15. Change to the directory "Be-Secure" and clone the assets store repo from the Be-Secure community: "https://github.com/Be-Secure/besecure-assets-store.git"
16. Change to the parent directory and copy project-metadata.json as follows:
    "cp ./Be-Secure/besecure-assets-store/projects/project-metadata.json ./besecure-assets-store/projects/project-metadata.json"
17. Change directory to "besecure-assets-store" (the one cloned from GitLab).
18. Commit the change: "git commit -a -m "test data"".
19. Push the commit: "git push origin main"
20. It will open up a GitLab window. Enter the user credentials (username: o31e, pass: Welc0me@123).

20. Go to the browser and enter "http://10.10.10.10:3000".
    (Note: change the IP to the public IP of the server)
22. The BeSLighthouse UI should be available.
23. Click on the "Projects Of Interest" tab and verify that it shows the data uploaded to the GitLab assets store repo.