If your friend is anything more than an acquaintance (someone you have grown to trust) then he actually has done you a favor. Just be certain how far that favor goes. You're doing the right thing getting closure. Don't assume. Find out.
It is pretty rare that we have to worry about attacks in Linux because there is just so much "low hanging fruit" (read: windows pcs) out there. However this should never be assumed to be sufficient protection. There really is no need for an AntiVirus or Anti-Spyware/Malwar application but it is essential to have a decent firewall, pay attention to security procedures, occasionally check for rootkits and keep paranoid while keeping your paranoia in check with a few checks.
LSOF - This stands for "List Open Files" and is a basic CLI command (lsof) but also has numerous good graphic front ends to keep an eye on what's being used and by whom.
WHO - The "who" command will list every active login in realtime. Don't be alarmed if you see 2 or more of yourself since opening a terminal, for example qualifies as an additional login.
There are many other simple commands to suss out who is doing what (whois, traceroute, netstat, etc) but the first line of defense is simply to learn how iptables works. I'm also pretty fond of "snort" and "tripwire"
PS I have known guys so paranoid that they had a trigger to send dmesg output to a !loud! dot matrix printer if they were even pinged.
Another put his dangerous root commands on a CD (couoldn't be overwritten) and symlinked them. There are apps that "touch" sensitive files and will notify you if any of them are changed. IMHO this is too paranoid. Be reasonable but be safe.Edited by enorbet2 - 5/20/11 at 8:14am