
Why Auditing and Vulnerability Scanning are Different Things

Why are auditing and vulnerability scanning not the same thing? In this article we look at both and at the differences between them.


As the author of Lynis, we often hear the question: it is like Nessus, right? It seems that everything gets compared with Nessus, especially when it comes to Linux security. Surprise: it is not. Let's get things straight and talk about the benefits of both.

Vulnerability Scanning

Scanners like Nessus and OpenVAS are great tools. You drop a system in the network and start scanning. The scanner usually starts with a ping sweep to detect which systems are alive and providing services. The next step is identifying those services, so that they can be followed up with more in-depth tests.

Product comparison: Lynis VS Nessus

In this article we compare Tenable Nessus with Lynis from CISOfy. We look at their features and goals, and at where they can be compared and where they differ.


Professionals often ask us how Lynis differs from Tenable Nessus. As the original author of Lynis, let me address that very interesting question.

Different goal

Nessus is focused on vulnerability scanning, or in other words, finding weaknesses in your environment. The huge number of plugins and their actions show that this is the primary focus. Along the way it started to implement other services, like compliance checking.

Lynis also detects vulnerabilities, but that is not its main goal. The primary focus of Lynis is auditing the system and helping the user with the follow-up: system hardening. Lynis is hungry for data, so it can combine things and give the user better advice.
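As an added illustration of the two approaches described above (example code, not from Lynis or Nessus): the scanner-style check needs only the network-visible service banner and matches it against a catalogue of known-weak versions, while the audit-style check reads the host-local sshd configuration, compares it with hardening expectations and turns every gap into a suggestion. The banner, the catalogue entry, the advisory identifier and the sshd_config fragment are all constructed for this example.

```python
import re

# Constructed catalogue for the scanner side: product -> (highest affected version, placeholder advisory id).
VULN_CATALOGUE = {"OpenSSH": ((7, 4), "ADVISORY-PLACEHOLDER-1")}

# Hardening expectations for the audit side: sshd option -> (expected value, advice).
HARDENING_CHECKS = {
    "PermitRootLogin": ("no", "disable direct root login over SSH"),
    "PasswordAuthentication": ("no", "prefer key-based authentication"),
    "X11Forwarding": ("no", "disable X11 forwarding unless it is needed"),
}

def scan_banner(banner):
    """Scanner style: parse product and version from the banner and return the
    matched advisories; an unknown banner or a newer version yields an empty list."""
    m = re.match(r"SSH-2\.0-(\w+?)_(\d+(?:\.\d+)+)", banner)
    if not m:
        return []
    product, version = m.group(1), tuple(int(p) for p in m.group(2).split("."))
    entry = VULN_CATALOGUE.get(product)
    return [entry[1]] if entry and version <= entry[0] else []

def audit_sshd_config(config_text):
    """Audit style: read the host-local configuration, compare each option with
    its expectation and return hardening suggestions. An option that is not set
    at all is reported too, so the user is asked to set it explicitly."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            parts = line.split(None, 1)
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    suggestions = []
    for option, (expected, advice) in HARDENING_CHECKS.items():
        actual = settings.get(option, "<unset>")
        if actual.lower() != expected:
            suggestions.append(f"{option}={actual}: {advice}")
    return suggestions

# Constructed sample input: a banner as seen over the network, and a config fragment as read on the host.
SAMPLE_BANNER = "SSH-2.0-OpenSSH_7.4"
SAMPLE_SSHD_CONFIG = """# constructed fragment
Port 22
PermitRootLogin yes
PasswordAuthentication no"""

if __name__ == "__main__":
    print("scanner:", scan_banner(SAMPLE_BANNER))
    for s in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print("auditor:", s)
```

The scanner reports nothing once the version is newer than the catalogue entry, while the auditor still flags the root login and the unset X11 option, which is the difference in goals the text describes.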