Service Reference

Purpose

This document provides a consolidated reference of all operational services deployed across the Scheol Security Lab.

It focuses on what exists in reality, not future intent.


HELL (On-Premise Environment)

Virtualization Layer

  • Proxmox
    • Role: Hypervisor for internal infrastructure
    • Hosts: all Hell VMs and containers
    • Criticality: Critical

Network Security Layer

  • OPNsense
    • Role: Firewall, segmentation, routing
    • Functions: VLAN isolation, traffic filtering, NAT
    • Criticality: Critical

Identity & Access Layer

  • OpenLDAP / AD (planned)
    • Role: Central identity provider
    • Functions: authentication, authorization, directory services
    • Criticality: Critical

Administrative Access Layer

  • Bastion (planned)
    • Role: Secure administrative entry point
    • Functions: SSH relay, session control, audit logging
    • Criticality: Critical
  • Admin Workstation (planned)
    • Role: privileged management environment
    • Functions: administration, secure tooling
    • Criticality: High

Security Monitoring Layer

  • Wazuh (planned)
    • Role: SIEM / detection platform
    • Functions: log aggregation, alerting, FIM
    • Criticality: High
  • Velociraptor (planned)
    • Role: endpoint forensics
    • Functions: live response, artifact collection
    • Criticality: High

Automation Layer

  • Ansible
    • Role: configuration management
    • Functions: provisioning, configuration enforcement
    • Criticality: High
  • Gitea
    • Role: source control / CI trigger
    • Functions: code hosting, webhook CI/CD
    • Criticality: High

Backup Layer

  • Proxmox Backup / Restic (planned hybrid)
    • Role: data protection
    • Functions: snapshots, external backups
    • Criticality: Critical

Application & IT Services

  • GLPI (planned)
    • Role: ITSM
    • Functions: ticketing, asset tracking
    • Criticality: Medium

HEAVEN (VPS Environment)

VPS-01 - Public Services Layer

  • Nginx Reverse Proxy
    • Role: traffic routing / TLS termination
  • Gitea
    • Role: Git hosting (currently exposed)
  • Docusaurus (Scheol Lab / GraalSec)
    • Role: documentation portals
  • CrowdSec
    • Role: intrusion prevention (SSH, HTTP, Gitea)

VPS-02 - Business Application Layer

  • Dolibarr (ERP)
    • Role: business management (CRM/ERP)
  • Nginx
    • Role: web server / reverse proxy
  • MariaDB
    • Role: relational database backend

Shared Characteristics (Heaven)

  • Internet-exposed services
  • Temporary co-location of multiple logical roles
  • Snapshot-based backup (temporary)
  • Limited centralized logging (planned migration to Hell SIEM)

Current Status Summary

  • Hell: partially deployed, security architecture emerging
  • Heaven: operational but transitional, known isolation limitations