Disable Secure Boot for Tenable Nessus Network Monitor High Performance Mode

On some versions of Linux, the operating system has a Secure Boot option that prevents programs from loading kernel modules. In some versions, such as Red Hat Enterprise Linux 8, Secure Boot is enabled by default. If your Linux operating system has Secure Boot enabled, you must disable Secure Boot mode to run Tenable Nessus Network Monitor in high performance mode.

Note: SELinux is a Linux kernel security module and has rules to prevent programs from loading kernel modules. Tenable Nessus Network Monitor modules comply with these rules, so these security measures are still in place for your system even if you disable Secure Boot.

To disable Secure Boot mode in Red Hat Enterprise Linux:

  1. As a root user, access the system's console.

  2. To check whether your system has Secure Boot enabled or disabled, type:

    /usr/bin/mokutil --sb-state

    If Secure Boot is disabled, you can run Tenable Nessus Network Monitor in High Performance Mode. If Secure Boot is enabled, continue with the rest of the procedure.

  3. To disable Secure Boot mode, type:

    /usr/bin/mokutil --disable-validation

    The system prompts you for a password.

  4. Type a temporary password and confirm the password when prompted.

    Tip: Ensure you remember this temporary password because you are required to enter it when you first restart the system after changing the Secure Boot state.

  5. To restart the system, type:

    reboot

    The system restarts and displays the MOK management screen.

  6. On the MOK management screen, press any key to advance.

  7. Select Change Secure Boot state.

  8. Follow the prompts to enter characters from your temporary password.

  9. When prompted to disable Secure Boot, select Yes.

    The system prompts you to restart.

  10. Restart your system.

    The system restarts with Secure Boot mode disabled. You can now run Tenable Nessus Network Monitor in High Performance mode.

What to do next: