The Linux Collector has two modes of operation, namely, application and kernel mode. When Collector kicks off, it checks the kernel version on the Linux endpoint. If it is a supported Linux kernel, Collector enters a full kernel mode. Otherwise, to avoid running into a degraded state, the collector operates as an application that still protects with limited functionality.

There is no currently public list available, due to the rapidly changing environment, where newer versions of kernels are released at a fast pace; however, when the collector is already installed on a Linux device, the following command can be executed to list the supported kernel versions for such OS/Distribution version:

/opt/FortiEDRCollector/control.sh --supported-versions

Example executed on Ubuntu 24.03.3 LTS:

# sudo /opt/FortiEDRCollector/control.sh --supported-versions
base_driver_6_14_0_27_generic_4
base_driver_6_8_0_31_generic_4
base_driver_6_8_0_40_generic_4
base_driver_6_8_0_45_generic_4
base_driver_6_8_0_47_generic_4
base_driver_6_8_0_56_generic_4
base_driver_6_8_0_57_generic_4
6_14_0_27
6_8_0_31
6_8_0_40
6_8_0_45
6_8_0_47

This is the best approach to retrieve the supported Linux Kernel versions for a certain FortiEDR Collector.

To confirm the kernel version being used in the endpoint, execute the following command:

# uname -r

Important Note:

Starting from Linux collector v6.1 release, FortiEDR will no longer rely on the kernel version.
This command will provide the service status, and in case of an unsupported kernel, will list the supported kernels.

# sudo /opt/FortiEDRCollector/control.sh --status