This update is skin deep, but a mile wide.
For the audit side of the house, it installs auditd inside of gpdailyworker. Then gphourlyworker checks the rules, sets up watches, and restarts auditd. What does auditd do? It monitors key directories for any change events: deletions, changes, etc. It can, but does not, monitor accesses today; I didn't want to bloat the log. In the audit log, it can show which command and user performed an action against a file.
Now in various other regular files like gp, gpworker, gpbup, etc., I added PID echoing to /var/log/gridpane.log. You can match up the PID of that script run with the audit log and show conclusively which script did which action. If we have a weird issue, like SSLs being deleted, we'll have greater insight into what exactly happened and, most importantly, WHO/WHAT did it. We'll be able to narrow things down quickly.
Also as part of this effort, I've built a Server Safety backup, so to speak. Jeff has built backup mechanisms in the script; for example, if you turn off SSL and have a working SSL, it'll back it up. The problem comes in, though, when something is deleted that didn't go through that script workflow and wasn't backed up. This is just an extra safety backup. When Duplicacy is out, I expect to be able to remove this backup. It's lightweight, takes only seconds to run, and consumes very little space. It doesn't maintain versioning of files.
I've tested everything on a fresh release server. I believe it's ready, but it needs more testing. Training materials on how to use it will be forthcoming as well.
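
The PID matching described above, as an added example that is not part of this update or of the GridPane scripts: it groups auditd records by event id and attributes each event to a script whose PID was echoed to the log. The `name PID: n` line layout for /var/log/gridpane.log, the watch key `ssl-watch`, the sample paths, and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data. The gridpane.log line layout is an assumption;
# the audit records use auditd's standard key=value layout (abbreviated).
GRIDPANE_LOG = """\
2024-05-01 10:00:01 gpworker PID: 4120
2024-05-01 10:00:02 gpbup PID: 4188
"""
AUDIT_LOG = """\
type=SYSCALL msg=audit(1714557603.211:901): arch=c000003e syscall=263 success=yes exit=0 ppid=4120 pid=4133 auid=0 uid=0 comm="rm" exe="/usr/bin/rm" key="ssl-watch"
type=PATH msg=audit(1714557603.211:901): item=1 name="/etc/nginx/ssl/example.com/cert.pem" nametype=DELETE
type=SYSCALL msg=audit(1714557700.050:917): arch=c000003e syscall=263 success=yes exit=0 ppid=977 pid=5001 auid=1000 uid=0 comm="rm" exe="/usr/bin/rm" key="ssl-watch"
type=PATH msg=audit(1714557700.050:917): item=1 name="/etc/nginx/ssl/example.com/key.pem" nametype=DELETE
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT = re.compile(r'msg=audit\(([\d.]+:\d+)\)')

def script_pids(log_text):
    """Map PID -> script name from the (assumed) 'name PID: n' lines."""
    return {int(m.group(2)): m.group(1)
            for m in re.finditer(r'(\S+) PID: (\d+)', log_text)}

def audit_events(audit_text):
    """Merge the records that share one audit(timestamp:serial) id."""
    events = defaultdict(dict)
    for line in audit_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") == "PATH":
            events[m.group(1)].setdefault("paths", []).append((fields.get("nametype"), fields.get("name")))
        else:
            events[m.group(1)].update(fields)
    return events

def attribute(audit_text, log_text):
    """Return (script or None, comm, auid, paths) for each audit event."""
    pids = script_pids(log_text)
    out = []
    for ev in audit_events(audit_text).values():
        # A command launched by a script has the script's PID as ppid; a change
        # made by the script's own process carries that PID as pid.
        owner = pids.get(int(ev.get("ppid", -1))) or pids.get(int(ev.get("pid", -1)))
        out.append((owner, ev.get("comm"), ev.get("auid"), ev.get("paths", [])))
    return out
```

PIDs are recycled, so confirm a match by comparing the audit timestamp with the time of the script run. A command started from a subshell shows the subshell's PID as `ppid`, so an unmatched event may still belong to a script further up the process tree.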