In some cases, a Linux collector would fail to upgrade properly. Going through the logs in /var/log/messages, the following error may be found:

Apr 16 01:27:51 <hostname> FortiEDRCollector[85993]: /opt/FortiEDRCollector/scripts/fortiedr_service_script: line 485: lsmod: command not found
Apr 16 01:27:51 <hostname> root[85996]: fortiedr_upgrade_service: failed to stop the collector

The collector's upgrade requires the kmod package to be installed, which is responsible for handling various operations related to Linux modules. The above error refers to lsmod not being found, which is one of the symlinks pointing to the actual kmod binary:

[root@localhost bin]# cd /usr/sbin
[root@localhost sbin]# ll | grep mod
lrwxrwxrwx. 1 root root 11 Oct 24 2023 depmod -> ../bin/kmod
lrwxrwxrwx. 1 root root 8 Apr 16 2024 genhomedircon -> semodule
-rwxr-xr-x. 1 root root 101752 Nov 21 2023 groupmod
lrwxrwxrwx. 1 root root 11 Oct 24 2023 insmod -> ../bin/kmod
-rwxr-xr-x. 1 root root 20352 Sep 24 2024 lgroupmod
lrwxrwxrwx. 1 root root 11 Oct 24 2023 lsmod -> ../bin/kmod
-rwxr-xr-x. 1 root root 20360 Sep 24 2024 lusermod
lrwxrwxrwx. 1 root root 11 Oct 24 2023 modinfo -> ../bin/kmod
lrwxrwxrwx. 1 root root 11 Oct 24 2023 modprobe -> ../bin/kmod
lrwxrwxrwx. 1 root root 11 Oct 24 2023 rmmod -> ../bin/kmod

To resolve this issue, the kmod package will need to be installed in the system before the collector can be upgraded.