Ok, you have locked the intruder out, and recovered your system, but you're not quite done yet. While it is unlikely that most intruders will ever be caught, you should report the attack.
You should report the attack to the admin contact at
the site where the attacker attacked your system. You can look up this
contact with whois
or the Internic database. You might send them an
email with all applicable log entries and dates and times. If you
spotted anything else distinctive about your intruder, you might
mention that too. After sending the email, you should (if you are so
inclined) follow up with a phone call. If that admin in turn spots
your attacker, they might be able to talk to the admin of the site
where they are coming from and so on.
Good crackers often use many intermediate systems, some (or many) of which may not even know they have been compromised. Trying to track a cracker back to their home system can be difficult. Being polite to the admins you talk to can go a long way to getting help from them.
You should also notify any security organizations you are a part of (CERT or similar), as well as your Linux system vendor.