Well, if it's an attacker you could get an ip from your firewall logs. That is, unless somehow they've gotten through your defenses Of course, any ip address you get will most likely be a proxy or the address of a zombie (a computer compromised by a cracker to use in attacks). But then again, there probably are some clueless script kiddies using their own computers. If you have an actual intrusion most likely a malicious attacker with any sense will alter your logs (if they have root access).

As far as your flag, try the edit your profile link on the front page.

See this link for some command line help The Link

This site also has some Linux command line tutorials I think. Check out the Tutorials Forum.

Also, feel free to post Linux related (Non-security) questions in the Operating Systems Forum.