Hi.
It's maybe the most shit question ever that I generated.
I mean any critical points of Linux, any files, or directory that must be monitoring to detect any suspicious activity.

For example:

/tmp
because many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack

/etc/passwd or /etc/shadow
because, sometimes hacker attacks may add a new user in /etc/passwd which can be remotely logged in a later date.

/etc/services
Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines

crontab or /etc/init.d
It's good to detect any persistence

So, what about else? Of course I missed many and would be happy if you helped

It depends on the purpose of the system. For example, if it has SSH running, then I would be monitoring /var/log/secure (or /var/log/auth.log) and alerting on brute force events. You could also have alerting on certain firewall logs. Example, when heartbleed came out, after patching I would set up log monitors for addresses attempting to exploit it.

Security is ongoing so I tend to read about what other people are doing and even explore some of my own original ideas to address challenges.

I think that the single most-important thing to do is: do not directly expose ssh. There's nothing "secure" about the fact that it is a shell.

Your outer bastion of defense should be OpenVPN with one-of-a-kind digital certificates and tls-auth, as I describe on my blog here. Use this to create a secret(!) outer door, and arrange for SSH and all other services (other than, perhaps, http(s)) to listen only to its gateway port. Use firewalls to make damn sure they can't talk directly or be talked-to.

Once you do that, something very dramatic happens: the number of unauthorized access attempts drops to zero and stays there. Anyone who "port scans" your computer, even suspecting that you're running OpenVPN there, will perceive that nothing's there. You can't attack a computer if you can't find it.

sniff, sniff sniff...smells like homework to me.....

Although, if not it could turn into a good sticky