|
Linux Collector 4.5.1 has two modes of operation:
- kernel
- application-only
When the Collector starts, it reads the Linux kernel on the machine. If the Linux kernel is supported, the Collector enters into a full kernel mode of operation (kernel).
Otherwise, instead of going into a degraded state, the Collector runs as a Linux application with limited functionality (application-only).
The following is a summary of existing Linux Collector versions and their operation modes:
|
Collector version
|
App/Kernel
|
Supported OS
|
|
v5.1.1
|
Adaptive
|
All Supported Distributions
|
|
v4.5.1
|
Application/Kernel
|
CentOS 6, 7, 8, Ubuntu 16.04, 18.04, 20.04
|
|
v4.5.0.145+
|
Application
|
OpenSUSE, Amazon AMI2, SLES v12, SLES v15, Oracle 8.2+, Oracle 7.7+
|
|
v4.5.0.139
|
Application
|
OpenSUSE, Amazon AMI2, SLES v15
|
|
v4.5.0.137
|
Application
|
Oracle 8.2+, Oracle 7.7+
|
|
v4.1 and lower
|
Kernel
|
CentOS 6, 7, 8, Ubuntu 16.04, 18.04, 20.04
|
Linux Application features summary:
Main supported functions of the Linux Collector application mode:
- Pre-execution Prevention.
- Communication Control visibility.
- Installation, revision upgrades, uninstallation.
- Analysis: File retrieval.
- IR: File remediation.
Known limitations of the Linux Collector application mode:
1) Communication Control blocks are not possible.
2) IR: Device isolation with Collector is not possible.
3) Limited Forensics visibility is available.
4) Threat-hunting is not possible.
5) Upgrades from Collector v3.1 or 4.1 to v4.5 are not possible. v4.5 is application only.
6) Hardening of the Collector files is not possible.
7) The Request Custom installers feature in the Manager Console is not available.
v5.1.1 What's Included:
- This collector version can run on any supported Linux distributions: CentOS/RHEL, Ubuntu, Oracle, AMI, and SLES.
- Threat hunting data collection is available in user space mode.
- FortiEDR Linux kernel modules are signed.
|
