I've thought a lot about the best way to restart services, and have come up with a few strategies. They are definitely related to the boot process, and of course security is a concern.
Monit
This example from the incron docs might work:
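    # Watch the Apache binary itself for tampering
    check file httpd_bin with path /usr/local/apache/bin/httpd
        # Compare the file's checksum against a known-good value
        if failed checksum
           and expect 8f7f419955cefa0b33a2ba316cba3659
           then unmonitor
        # Mode and ownership must stay 755 root:root
        if failed permission 755 then unmonitor
        if failed uid root then unmonitor
        if failed gid root then unmonitor
        if changed timestamp then alert
        # Mail the security contact when any of these checks trips
        alert security@bar on {checksum, timestamp,
                               permission, uid, gid}
              with mail-format {subject: Alaaarrm! on $HOST}
        group apache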
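The same file checks done by hand before a restart, as an added example that is not from the Monit docs or the original page: the binary's checksum, mode and owner are verified, and the restart command only runs if all of them match. The function names and return codes are made up for illustration, and GNU md5sum and stat are assumed.

```shell
#!/bin/sh
# Added example (hypothetical names): checksum, permission and owner checks
# like those in the Monit stanza above, used to gate a service restart.
# Assumes GNU coreutils (md5sum, stat -c).

# verify_binary PATH EXPECTED_MD5 EXPECTED_MODE EXPECTED_UID:GID
# Returns 0 if intact; 1 missing/not a regular file, 2 checksum,
# 3 permission, 4 owner.
verify_binary() {
    vb_path=$1 vb_sum=$2 vb_mode=$3 vb_owner=$4

    # Refuse symlinks and non-regular files: check the binary itself.
    if [ -L "$vb_path" ] || [ ! -f "$vb_path" ]; then
        return 1
    fi

    # MD5 here only because the stanza's expected value is a 32-hex digest.
    vb_actual=$(md5sum -- "$vb_path" | cut -d' ' -f1) || return 1
    [ "$vb_actual" = "$vb_sum" ] || return 2

    # Octal mode, e.g. 755
    [ "$(stat -c '%a' -- "$vb_path")" = "$vb_mode" ] || return 3

    # Numeric uid:gid, e.g. 0:0 for root:root
    [ "$(stat -c '%u:%g' -- "$vb_path")" = "$vb_owner" ] || return 4
    return 0
}

# restart_if_intact PATH MD5 MODE UID:GID COMMAND [ARGS...]
# Runs COMMAND only when every check passes; otherwise reports which
# check failed and returns its code without touching the service.
restart_if_intact() {
    ri_path=$1 ri_sum=$2 ri_mode=$3 ri_owner=$4
    shift 4
    verify_binary "$ri_path" "$ri_sum" "$ri_mode" "$ri_owner" || {
        ri_rc=$?
        echo "refusing to restart: $ri_path failed check $ri_rc" >&2
        return "$ri_rc"
    }
    "$@"
}
```

With the values from the stanza above, the call would be restart_if_intact /usr/local/apache/bin/httpd 8f7f419955cefa0b33a2ba316cba3659 755 0:0 followed by whatever command restarts the service.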
incron
Incron can watch specific directories and files for changes, and when changes occur, it will execute specific actions.
knockd
Usually used for iptables management, knockd could potentially execute custom commands for controlling services.
runit
Runit can be run alongside a regular init, and it has a service supervision daemon.
restartd
Monitors /proc and potentially restarts services.
noshell
This sounds interesting,
userv
Service management by non-root users.
rssh / rbash / scponly / pdshell
Restricted shell; restricted bash; scponly, where the user can only transfer files; and pdshell, an awesome ncurses-based menu shell, configurable and all!