I have been googling around for different guides on what files to monitor that people would edit for malicious intent. In my readings so far, i have found the common files people edit.
so far i have found:
  1. /etc/hosts
  2. ufw config files
  3. /bin/login

what other files do you guys monitor actively and why?

Thanks in advance!