Someone broke into my system!

I am running Red Hat 7.0(looking at upgrading to 7.2). Everything is being blocked by a firewall but FINGER and my WWW ports. Someone keeps on going in trying to install stuff on my machine. Is there a way I can see who this is or just see how heis getting in?

I am running Apache 1.3 with PostgreSql 6.5.