About a year ago, I was trying to figure out how the right config mgmt recipes make a CentOS 4-based machine1 properly auth against our internal LDAP servers. I was having a pretty hard time of it -- we had nailed it for Debian and for CentOS 5, but CentOS 4 changed some additional files when I ran `authconfig`.
I couldn't figure it out, and sort of paradoxically, I therefore only had one opportunity, per new machine, to figure it out. Otherwise I had to throw away the machine and re-instantiate, and even though it only took a couple minutes, it was still annoying. I knew that some file on disk was changing. I just couldn't figure out which file.
I took a page out of blueprint's book and used git to figure it out. First, I turned /etc into a git repository with a simple `cd /etc && git init`, and I committed the entire tree. Then I ran my authconfig command to set things up. Then, I could look at the changes with `git diff`, and I immediately found the culprit (which ended up being a line appended to one of the pam.d files).
I actually took it a step further and committed at three points in time: once after the machine first booted, another after cfengine ran, and then a third time after I ran `authconfig`. That allowed me to triangulate between those three states, to figure out which rules were missing and which rules were extraneous. It also allowed me to use `git checkout HEAD^^` to reset the machine to various states, to test my changes and my understanding of the system!
The best part is that when I was done, cleanup was a simple `rm -rf /etc/.git`, instead of cleaning up one directory within every single directory...
 Yes, CentOS 4. I know that it was super obsolete even a year ago. Don't ask, that's not the point. :)