This is a reply in regarding the question on the thread

about a linux machine that was "supposedly hacked".

Well, given your admin enabled logging, you could check the logs on how the person got inside and your counter-measures would varry depending on how your security was compromised. but yeah, check on the logs if there is one.