# An allow-list of commands that the Agent Proxy user (aembit_agent_proxy) can
# run as root:root through sudo. Every rule is NOPASSWD, so any process running
# as that user can invoke these commands without re-authenticating; keep the
# list as narrow as possible.
#
# Where a rule lists arguments, sudo permits only that argument string
# (wildcards aside), so each entry pins one invocation rather than the whole
# binary. Commands are given by absolute path; the binaries and their parent
# directories should be root-owned and not writable by aembit_agent_proxy,
# otherwise the rule becomes a path to root.
#
# The {{ ... }} placeholders are filled in outside this file.
# NOTE(review): whitespace, a backslash, or any of * ? [ , : = in a substituted
# value changes how sudo parses or matches the rule. Confirm the renderer
# validates these values, and check the rendered file with
# `visudo -c -f <rendered file>` before installing it.
#
# Rules that carry a feature-marker word right after the '#' are comments as
# written, i.e. inactive. Presumably the installer strips the marker to enable
# them (TODO confirm), so keep those lines byte-for-byte stable.

# Read the CrowdStrike Falcon agent ID (falconctl -g --aid).
aembit_agent_proxy ALL=(root:root) NOPASSWD: /opt/CrowdStrike/falconctl -g --aid
# Read the system serial number via dmidecode.
aembit_agent_proxy ALL=(root:root) NOPASSWD: /usr/sbin/dmidecode --string system-serial-number
# Inactive unless enabled. Runs curl under group "aembit" (via sg) against the
# Agent Controller's attested-document/kerberos endpoint with --negotiate.
# The backslash-colon is the sudoers escape for a literal colon, so curl
# receives `--user :`.
# AEMBIT_PRIVILEGED_KEYTAB aembit_agent_proxy ALL=(root:root) NOPASSWD: /usr/bin/sg aembit -c /usr/bin/curl --negotiate --user \: --fail --http1.1 {{ AGENT_CONTROLLER_LOCATION }}/api/v1/attested-document/kerberos
# Inactive unless enabled. Obtains a Kerberos ticket for the templated
# principal from the keytab /etc/krb5.keytab (kinit -k -t), again under group
# "aembit".
# AEMBIT_PRIVILEGED_KEYTAB aembit_agent_proxy ALL=(root:root) NOPASSWD: /usr/bin/sg aembit -c /usr/bin/kinit -k -t /etc/krb5.keytab {{ SAMACCOUNT_PRINCIPAL }}
# Inactive unless enabled.
# NOTE(review): the trailing '*' matches any argument string, spaces included,
# so everything after `update` reaches rules.sh as root without filtering by
# sudo. rules.sh has to validate its own arguments, and the script and its
# directory must not be writable by aembit_agent_proxy. If the accepted
# arguments are a known set, enumerate them here instead of using '*'.
# AEMBIT_STEERING_HOSTS aembit_agent_proxy ALL=(root:root) NOPASSWD: {{ AEMBIT_AGENT_PROXY_INSTALL_DIR_SCRIPTS }}/rules.sh update *
