Dec  1 18:19:50 prd-ubuntu1804-docker-8c-8g-1522 passwd[1020]: password for 'ubuntu' changed by 'root'
Dec  1 18:19:50 prd-ubuntu1804-docker-8c-8g-1522 systemd-logind[1104]: Watching system buttons on /dev/input/event0 (Power Button)
Dec  1 18:19:50 prd-ubuntu1804-docker-8c-8g-1522 systemd-logind[1104]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Dec  1 18:19:50 prd-ubuntu1804-docker-8c-8g-1522 systemd-logind[1104]: New seat seat0.
Dec  1 18:19:50 prd-ubuntu1804-docker-8c-8g-1522 sshd[1140]: Server listening on 0.0.0.0 port 22.
Dec  1 18:19:50 prd-ubuntu1804-docker-8c-8g-1522 sshd[1140]: Server listening on :: port 22.
Dec  1 18:19:52 prd-ubuntu1804-docker-8c-8g-1522 sshd[1441]: Did not receive identification string from 10.30.104.4 port 48766
Dec  1 18:20:01 prd-ubuntu1804-docker-8c-8g-1522 sshd[1476]: Invalid user jenkins from 10.30.104.4 port 48908
Dec  1 18:20:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[1481]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:20:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[1481]: pam_unix(cron:session): session closed for user root
Dec  1 18:20:01 prd-ubuntu1804-docker-8c-8g-1522 sshd[1476]: Received disconnect from 10.30.104.4 port 48908:11: Closed due to user request. [preauth]
Dec  1 18:20:01 prd-ubuntu1804-docker-8c-8g-1522 sshd[1476]: Disconnected from invalid user jenkins 10.30.104.4 port 48908 [preauth]
Dec  1 18:20:03 prd-ubuntu1804-docker-8c-8g-1522 sshd[1489]: Invalid user jenkins from 10.30.104.4 port 48920
Dec  1 18:20:04 prd-ubuntu1804-docker-8c-8g-1522 sshd[1489]: Received disconnect from 10.30.104.4 port 48920:11: Closed due to user request. [preauth]
Dec  1 18:20:04 prd-ubuntu1804-docker-8c-8g-1522 sshd[1489]: Disconnected from invalid user jenkins 10.30.104.4 port 48920 [preauth]
Dec  1 18:20:06 prd-ubuntu1804-docker-8c-8g-1522 sshd[1491]: Invalid user jenkins from 10.30.104.4 port 48922
Dec  1 18:20:06 prd-ubuntu1804-docker-8c-8g-1522 sshd[1491]: Received disconnect from 10.30.104.4 port 48922:11: Closed due to user request. [preauth]
Dec  1 18:20:06 prd-ubuntu1804-docker-8c-8g-1522 sshd[1491]: Disconnected from invalid user jenkins 10.30.104.4 port 48922 [preauth]
Dec  1 18:20:08 prd-ubuntu1804-docker-8c-8g-1522 sshd[1532]: Invalid user jenkins from 10.30.104.4 port 48924
Dec  1 18:20:08 prd-ubuntu1804-docker-8c-8g-1522 sshd[1532]: Received disconnect from 10.30.104.4 port 48924:11: Closed due to user request. [preauth]
Dec  1 18:20:08 prd-ubuntu1804-docker-8c-8g-1522 sshd[1532]: Disconnected from invalid user jenkins 10.30.104.4 port 48924 [preauth]
Dec  1 18:20:10 prd-ubuntu1804-docker-8c-8g-1522 sshd[1734]: Invalid user jenkins from 10.30.104.4 port 48926
Dec  1 18:20:10 prd-ubuntu1804-docker-8c-8g-1522 sshd[1734]: Received disconnect from 10.30.104.4 port 48926:11: Closed due to user request. [preauth]
Dec  1 18:20:10 prd-ubuntu1804-docker-8c-8g-1522 sshd[1734]: Disconnected from invalid user jenkins 10.30.104.4 port 48926 [preauth]
Dec  1 18:20:12 prd-ubuntu1804-docker-8c-8g-1522 sshd[1774]: Invalid user jenkins from 10.30.104.4 port 48930
Dec  1 18:20:12 prd-ubuntu1804-docker-8c-8g-1522 sshd[1774]: Received disconnect from 10.30.104.4 port 48930:11: Closed due to user request. [preauth]
Dec  1 18:20:12 prd-ubuntu1804-docker-8c-8g-1522 sshd[1774]: Disconnected from invalid user jenkins 10.30.104.4 port 48930 [preauth]
Dec  1 18:20:14 prd-ubuntu1804-docker-8c-8g-1522 sshd[1776]: Invalid user jenkins from 10.30.104.4 port 48932
Dec  1 18:20:14 prd-ubuntu1804-docker-8c-8g-1522 sshd[1776]: Received disconnect from 10.30.104.4 port 48932:11: Closed due to user request. [preauth]
Dec  1 18:20:14 prd-ubuntu1804-docker-8c-8g-1522 sshd[1776]: Disconnected from invalid user jenkins 10.30.104.4 port 48932 [preauth]
Dec  1 18:20:16 prd-ubuntu1804-docker-8c-8g-1522 sshd[1785]: Invalid user jenkins from 10.30.104.4 port 48934
Dec  1 18:20:17 prd-ubuntu1804-docker-8c-8g-1522 sshd[1785]: Received disconnect from 10.30.104.4 port 48934:11: Closed due to user request. [preauth]
Dec  1 18:20:17 prd-ubuntu1804-docker-8c-8g-1522 sshd[1785]: Disconnected from invalid user jenkins 10.30.104.4 port 48934 [preauth]
Dec  1 18:20:19 prd-ubuntu1804-docker-8c-8g-1522 sshd[1787]: Invalid user jenkins from 10.30.104.4 port 48936
Dec  1 18:20:19 prd-ubuntu1804-docker-8c-8g-1522 sshd[1787]: Received disconnect from 10.30.104.4 port 48936:11: Closed due to user request. [preauth]
Dec  1 18:20:19 prd-ubuntu1804-docker-8c-8g-1522 sshd[1787]: Disconnected from invalid user jenkins 10.30.104.4 port 48936 [preauth]
Dec  1 18:20:21 prd-ubuntu1804-docker-8c-8g-1522 sshd[1800]: Invalid user jenkins from 10.30.104.4 port 48938
Dec  1 18:20:21 prd-ubuntu1804-docker-8c-8g-1522 sshd[1800]: Received disconnect from 10.30.104.4 port 48938:11: Closed due to user request. [preauth]
Dec  1 18:20:21 prd-ubuntu1804-docker-8c-8g-1522 sshd[1800]: Disconnected from invalid user jenkins 10.30.104.4 port 48938 [preauth]
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 sshd[1832]: Invalid user jenkins from 10.30.104.4 port 48940
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 useradd[1834]: new group: name=jenkins, GID=1001
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 useradd[1834]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 sshd[1832]: Received disconnect from 10.30.104.4 port 48940:11: Closed due to user request. [preauth]
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 sshd[1832]: Disconnected from invalid user jenkins 10.30.104.4 port 48940 [preauth]
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 usermod[1841]: add 'jenkins' to group 'docker'
Dec  1 18:20:24 prd-ubuntu1804-docker-8c-8g-1522 usermod[1841]: add 'jenkins' to shadow group 'docker'
Dec  1 18:20:26 prd-ubuntu1804-docker-8c-8g-1522 sshd[1902]: Accepted publickey for jenkins from 10.30.104.4 port 48942 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Dec  1 18:20:26 prd-ubuntu1804-docker-8c-8g-1522 sshd[1902]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Dec  1 18:20:26 prd-ubuntu1804-docker-8c-8g-1522 systemd-logind[1104]: New session 2 of user jenkins.
Dec  1 18:20:26 prd-ubuntu1804-docker-8c-8g-1522 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Dec  1 18:21:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2127]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:21:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2127]: pam_unix(cron:session): session closed for user root
Dec  1 18:22:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2131]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:22:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2131]: pam_unix(cron:session): session closed for user root
Dec  1 18:23:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2134]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:23:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2134]: pam_unix(cron:session): session closed for user root
Dec  1 18:24:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2165]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:24:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2165]: pam_unix(cron:session): session closed for user root
Dec  1 18:25:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[2689]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:25:02 prd-ubuntu1804-docker-8c-8g-1522 CRON[2689]: pam_unix(cron:session): session closed for user root
Dec  1 18:26:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[3216]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec  1 18:26:01 prd-ubuntu1804-docker-8c-8g-1522 CRON[3216]: pam_unix(cron:session): session closed for user root
Dec  1 18:27:00 prd-ubuntu1804-docker-8c-8g-1522 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-kohn ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Dec  1 18:27:00 prd-ubuntu1804-docker-8c-8g-1522 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)