# An allow-list of commands that the Agent Proxy user can run as root.
aembit_agent_proxy ALL=(root:root) NOPASSWD: /opt/CrowdStrike/falconctl -g --aid
aembit_agent_proxy ALL=(root:root) NOPASSWD: /usr/sbin/dmidecode --string system-serial-number
# AEMBIT_PRIVILEGED_KEYTAB aembit_agent_proxy ALL=(root:root) NOPASSWD: /usr/bin/curl --negotiate --user \: --fail {{ AGENT_CONTROLLER_LOCATION }}/api/v1/attested-document/kerberos
# AEMBIT_PRIVILEGED_KEYTAB aembit_agent_proxy ALL=(root:root) NOPASSWD: /usr/bin/kinit -k -t /etc/krb5.keytab {{ SAMACCOUNT_PRINCIPAL }}
