Welcome to DevSecOps Studio Project

DevSecOps Studio is one of its kind, self contained DevSecOps environment/distribution to help individuals in learning DevSecOps concepts. It takes lots of efforts to setup the environment for training/demos and more often, its error prone when done manually. DevSecOps Studio is easy to get started, mostly automatic and battle tested during our Practical DevSecOps Courses at https://www.practical-devsecops.com/courses-and-certifications/

DevSecOps Studio project aims to reduce the time to bootstrap the environment and help you in concentrating on learning/teaching DevSecOps practices with the following features.

1. Easy to setup environment with just one command “vagrant up”
2. Teaches Security as Code, Compliance as Code, Infrastructure as Code
3. With built-in support for CI/CD pipeline
4. OS hardening using ansible
5. Compliance as code using Inspec
6. QA security using ZAP, BDD-Security and Gauntlt
7. Static tools like bandit, brakeman, windbags, gitrob, gitsecrets
8. Security Monitoring using ELK stack.

How do I get set up?

• Summary of setup
  • Software
  • Hardware
• Dependencies
  • Mac OS X
  • Linux
  • Windows
• DevSecOps Studio Installation
• What's included in the environment
• How to use the setup
• Todo Features
• Contribution guidelines
• Who do I talk to?

Summary of Setup

TL;DR

Install Vagrant, Virtualbox, Ansible and Follow the below steps.

# Download the code
$ git clone https://github.com/hysnsec/DevSecOps-Studio.git && cd DevSecOps-Studio

# Download the ansible dependency roles
$ ansible-galaxy install -r requirements.yml -p provisioning/roles

# Setup the environment, takes an hour or less based on your internet speed.
$ vagrant up

Go grab some coffee while DevSecOps Studio does its job.

Yes, that's it, you just setup entire DevSecOps environment with three commands :)

Go ahead and read Practical DevSecOps Lessons on the wiki

Installation video

Details

DevSecOps Studio uses vagrant, virtualbox and ansible to setup the lab environment. You can visit the vendor's website to download the above software for on Windows/Linux/macOS.

DevSecOps Studio simulates the environment presented below.

Software

• Vagrant
• Virtualbox
• Ansible

Hardware

• Atleast 4GB of RAM for the virtual machines.
• 60GB of HDD Space.
• Intel i3 Processor or above.

Dependencies

MacOS (optional)

Prerequisites can also be installed via homebrew on MAC OS X

Homebrew: Optional

 /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Vagrant

brew cask install vagrant

Virtualbox

brew cask install virtualbox

Ansible

brew install ansible

Linux

Curl Installlation(require root privileges to install tools)

curl -O https://raw.githubusercontent.com/hysnsec/DevSecOps-Studio/master/setup/Linux_DevSecOps_Setup.sh && chmod +x Linux_DevSecOps_Setup.sh && ./Linux_DevSecOps_Setup.sh;

or

Install dependencies using apt-get

Virtualbox

sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

sudo apt update

sudo apt install virtualbox

Vagrant

# Looks like vagrant doesn't play nicely if you install with apt
VAGRANT_VERSION=2.2.10
wget https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb
sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb

sudo apt-get install python3 python3-pip

Ansible

pip install ansible

Windows (optional)

Easiest solution for windows user is to use DevSecOps Studio Virtualbox Appliance

1. Download DevSecOps-Studio Appliance (4.45 GB) from this link - NOT MAINTAINED.

2. Import the above Appliance by following these step

Alternatively, Installation can be done using chocolatey by opening up command prompt and using the following command.

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

Install dependencies using choco

choco install vagrant virtualbox git -y 

Install ansible via pip

Installation on windows for ansible is not straight forward, please follow these instructions to install cygwin and then install ansible

choco install python3 -y #Installs python 3, includes pip under scripts folder of python3x
pip install ansible

Installation

1. Clone this repo or download the zip

   $ git clone https://github.com/hysnsec/DevSecOps-Studio.git

2. CD into the directory and check what boxes are available.

   $ cd DevSecOps-Studio && vagrant status

3. Download requirement ansible dependencies.

   $ ansible-galaxy install -r requirements.yml

4. Ensure the latest verion of Vagrant is installed on your machine

5. Edit the machines.yml file to make any changes, if you are not sure please leave it as default. Meanwhile, go grab some coffee to enjoy :)

   vagrant up

You can see how it all fits in DevSecOps pipeline by reading out WIKI

How to use the setup

What's included in the environment?

The environment contains the following tools used in different stages of DevSecOps.

Technology	Tools
PenTest Toolkit:	Nmap, Metasploit
Static Analysis Tools:	Brakeman, bandit, findbugs
Dynamic Analysis Tools:	ZAP proxy, Gaunlt
Hardening:	DevSec Ansible OS Hardening
Compliance:	Inspec
Operating System :	Ubuntu Xenial (16.04)
Programming Languages:	Java, Python 3, Ruby/Rails
Container Technology:	Docker
Source Code Management:	Gitlab (github like system)
CI Server:	Gitlab CI/Jenkins
Configuration Management:	Ansible
Monitoring and Log management:	Elastic Search, LogStash and Kibana
Cloud Provider Utilities:	AWS CLI
Utilities:	Git, Vim, curl, wget,

Todo Features

• Provision the stack on AWS using vagrant.
• Build Images using Packer and upload to vagrant cloud.
• Add Ansible Testing using molecule.
• Add Container scanning using clair.
• Add Inspec for compliance.

Contribution guidelines

• Fork this repo.
• Contribute (documentation/features)
• Raise a Pull Request (PR)

Credits

DevSecOps Studio uses some of the ansible roles from Jeff

Who do I talk to?

• If you have any questions regarding this repo, please contact Mohammed A. Imran @secfigo and Raghunath G @raghunath24

https://kiazhi.github.io/blog/The-easy-way-to-get-Ubuntu-18.04-distro-environment-on-Windows/

Ensuring Windows Subsystem for Linux feature is enabled

# Check if Microsoft-Windows-Subsystem-Linux feature is enabled 
if((Get-WindowsOptionalFeature `
    -FeatureName "Microsoft-Windows-Subsystem-Linux" `
    -Online).State -ne "Enabled")
{
    # Enable Microsoft-Windows-Subsystem-Linux feature if
    #  the feature is not enabled
    Enable-WindowsOptionalFeature `
        -FeatureName "Microsoft-Windows-Subsystem-Linux" `
        -Online `
        -NoRestart:$False ;
}

Downloading Ubuntu 18.04 distro instance

# Download Ubuntu application for WSL
Invoke-WebRequest `
    -Uri "https://aka.ms/wsl-ubuntu-1804" `
    -OutFile "~\CanonicalGroupLimited.Ubuntu18.04onWindows_1804.2018.817.0_x64__79rhkp1fndgsc.appx" `
    -UseBasicParsing ;

Installation for Windows Server

# Rename the file extension to compressed file extension
Rename-Item `
    -Path "~\CanonicalGroupLimited.Ubuntu18.04onWindows_1804.2018.817.0_x64__79rhkp1fndgsc.appx" `
    -NewName "Ubuntu1804.zip" ;

# Expand the compressed file to destination
Expand-Archive `
    -Path "~\Ubuntu1804.zip" `
    -DestinationPath "~\.wsl\distro\Ubuntu" ;

# Launch the distro setup
Start-Process `
    -FilePath "~\.wsl\distro\Ubuntu\Ubuntu1804.exe" ;

Updating the Ubuntu 18.04 distro instance

# Update and upgrade Ubuntu
sudo apt update && sudo apt upgrade

Install Ansible

 sudo apt-add-repository ppa:ansible/ansible
 sudo apt-get install ansible
 ansible --version