...about knowing if and how someone got in and what they did: the logfiles could help - but if you where broken into by someone, who was really knowing what he/she was doing, these way have been forged / cleaned of evidence.
I'd update the distribution you are using - preferrably first saving important data and then reinstall from ground up - if you do not know how they came in and what exactly they did, this is the safeest thing to do.
Then get a firewall running - its included in the kernel and information on how to set it up you can find through Google and in your docs...
Then get familiar with tripwire - install it and check _regularly_ against the data it produced when it was running over your _clean_ system.
Close all services your machine may be offering to the outside, exept those you will need to provide the services you want to provide - and know about setting up these services safely before you expose your System to the internet.
Thera are websites like
http://www.grc.com which you can use to test your machine/firewall.
Check regularly for needed security-updates of programms you run on your machine.
Jochen