The latest tagged version under the above link is 2.2.1 but there are only small changes to 2.2.2 which is the actual 'trunk' https://fedorahosted.org/audit/browser/trunk those changes appear at least to me to be non-trivial from the Changelog in 'trunk' which says 2.2.2 https://fedorahosted.org/audit/browser/trunk/ChangeLog Reproducible: Always changes since 2.13 1 2.2.2 2 - In auditd, tcp_max_per_addr was allowing 1 more connection than specified 3 - In ausearch, fix matching of object records 4 5 2.2.1 6 - Add more interpretations in auparse for syscall parameters 7 - Add some interpretations to ausearch for syscall parameters 8 - In ausearch/report and auparse, allocate extra space for node names 9 - Update syscall tables for the 3.3.0 kernel 10 - Update libev to 4.0.4 11 - Reduce the size of some applications 12 - In auditctl, check usage against euid rather than uid 13 14 2.2 15 - Correct all rules for clock_settime 16 - Fix possible segfault in auparse library 17 - Handle malformed socket addresses better 18 - Improve performance in audit_log_user_message() 19 - Improve performance in writing to the log file in auditd 20 - Syscall update for accept4 and recvmmsg 21 - Update autrace resource usage mode syscall list 22 - Improved sample rules for recent syscalls 23 - Add some debug info to audisp-remote startup and shutdown 24 - Make compiling with Python optional 25 - In auditd, if disk_error_action is ignore, don't syslog anything 26 - Fix some memory leaks 27 - If audispd is stopping, don't restart children 28 - Add support in auditctl for shell escaped filenames (Alexander) 29 - Add search support for virt events (Marcelo Cerri) 30 - Update interpretation tables 31 - Sync auparse's auditd config parser with auditd's parser 32 - In ausearch, also use cwd fields in file name searchs 33 - In ausearch, parse cwd in USER_CMD events 34 - In ausearch, correct parsing of uid in user space events 35 - In ausearch, update parsing of integrity events 36 - Apply some text cleanups from Debian (Russell Coker) 37 - In auditd, relax some permission checks for external apps 38 - Add ROLE_MODIFY event type 39 - In auditctl, new -c option to continue through bad rules but with failed exit 40 - Add auvirt program to do special reporting on virt events (Marcelo Cerri) 41 - Add interfield comparison support to auditctl (Peter Moody) 42 - Update auparse type intepretation for apparmor (Marcelo Cerri) 43 - Increase tcp_max_per_addr maximum to 1024.
2.2.2 in the tree, depending an issue with python swig before unmasking.