I mean any critical points of ESXi, any files or directories that must be monitored to detect any suspicious activity,
i.e. (files that should stay static and change only when the system is deliberately updated):
I'll be very grateful for any guidance. Best regards,
Note this point: if you encounter a modification to the files you mentioned made through shell / SSH access, any commands from any user will be logged in the /var/log/shell.log file. If you are interested in checking for any suspicious CLI activity, checking each of the ESXi log files with a Syslog server can be very useful.
This page is worth a look: Security Hardening Guides - VMware Security | UK
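An added example, not part of the original posts: a Python pass over the contents of /var/log/shell.log (for instance the copy received by a syslog server) that reports every logged command naming a watched file. The line layout, the watch list and the sample lines are assumptions constructed for this example.

```python
import re

# Assumed shell.log layout (not given in the thread):
#   <timestamp> [optional extra field] shell[<pid>]: [<user>]: <command>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:\S+\s+)?shell\[(?P<pid>\d+)\]:\s+"
    r"\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.*)$"
)

# Example watch list (assumption): replace with the files you baseline.
WATCHED = ("/etc/ssh/sshd_config", "/etc/rc.local.d/local.sh")

# Constructed sample lines, not real log data.
SAMPLE = """\
2024-01-10T08:15:02Z shell[2101234]: [root]: esxcli system version get
2024-01-10T08:16:40Z shell[2101234]: [root]: vi /etc/ssh/sshd_config
2024-01-10T08:17:05Z shell[2101234]: Interactive shell session started
2024-01-10T08:19:11Z shell[2101300]: [svc_backup]: cat /etc/rc.local.d/local.sh
2024-01-10T08:20:00Z shell[2101300]: [svc_backup]: echo "x" >> /etc/rc.local.d/local.sh
"""


def parse_line(line):
    """Return ts/pid/user/cmd for a command line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def scan(text, watched=WATCHED):
    """Return (findings, skipped): commands naming a watched path, and the
    number of non-empty lines that did not match the assumed layout."""
    findings, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # session banners, rotated-file noise, format drift
            continue
        hits = [p for p in watched if p in rec["cmd"]]
        if hits:
            findings.append((rec["ts"], rec["user"], hits[0], rec["cmd"]))
    return findings, skipped


if __name__ == "__main__":
    found, skipped = scan(SAMPLE)
    for ts, user, path, cmd in found:
        print(f"{ts} user={user} path={path} cmd={cmd!r}")
    print(f"unparsed lines: {skipped}")
```

A rising count of unparsed lines is itself worth checking, since it means the assumed layout no longer matches what the host writes.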