Feb  5 14:20:23 prd-ubuntu1804-docker-8c-8g-2793 passwd[998]: password for 'ubuntu' changed by 'root'
Feb  5 14:20:23 prd-ubuntu1804-docker-8c-8g-2793 systemd-logind[1068]: Watching system buttons on /dev/input/event0 (Power Button)
Feb  5 14:20:23 prd-ubuntu1804-docker-8c-8g-2793 systemd-logind[1068]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Feb  5 14:20:23 prd-ubuntu1804-docker-8c-8g-2793 systemd-logind[1068]: New seat seat0.
Feb  5 14:20:23 prd-ubuntu1804-docker-8c-8g-2793 sshd[1116]: Server listening on 0.0.0.0 port 22.
Feb  5 14:20:23 prd-ubuntu1804-docker-8c-8g-2793 sshd[1116]: Server listening on :: port 22.
Feb  5 14:20:25 prd-ubuntu1804-docker-8c-8g-2793 sshd[1465]: Did not receive identification string from 10.30.104.4 port 41798
Feb  5 14:20:34 prd-ubuntu1804-docker-8c-8g-2793 sshd[1489]: Invalid user jenkins from 10.30.104.4 port 41806
Feb  5 14:20:34 prd-ubuntu1804-docker-8c-8g-2793 sshd[1489]: Received disconnect from 10.30.104.4 port 41806:11: Closed due to user request. [preauth]
Feb  5 14:20:34 prd-ubuntu1804-docker-8c-8g-2793 sshd[1489]: Disconnected from invalid user jenkins 10.30.104.4 port 41806 [preauth]
Feb  5 14:20:36 prd-ubuntu1804-docker-8c-8g-2793 sshd[1493]: Invalid user jenkins from 10.30.104.4 port 41808
Feb  5 14:20:36 prd-ubuntu1804-docker-8c-8g-2793 sshd[1493]: Received disconnect from 10.30.104.4 port 41808:11: Closed due to user request. [preauth]
Feb  5 14:20:36 prd-ubuntu1804-docker-8c-8g-2793 sshd[1493]: Disconnected from invalid user jenkins 10.30.104.4 port 41808 [preauth]
Feb  5 14:20:38 prd-ubuntu1804-docker-8c-8g-2793 sshd[1495]: Invalid user jenkins from 10.30.104.4 port 41812
Feb  5 14:20:38 prd-ubuntu1804-docker-8c-8g-2793 sshd[1495]: Received disconnect from 10.30.104.4 port 41812:11: Closed due to user request. [preauth]
Feb  5 14:20:38 prd-ubuntu1804-docker-8c-8g-2793 sshd[1495]: Disconnected from invalid user jenkins 10.30.104.4 port 41812 [preauth]
Feb  5 14:20:40 prd-ubuntu1804-docker-8c-8g-2793 sshd[1503]: Invalid user jenkins from 10.30.104.4 port 41814
Feb  5 14:20:40 prd-ubuntu1804-docker-8c-8g-2793 sshd[1503]: Received disconnect from 10.30.104.4 port 41814:11: Closed due to user request. [preauth]
Feb  5 14:20:40 prd-ubuntu1804-docker-8c-8g-2793 sshd[1503]: Disconnected from invalid user jenkins 10.30.104.4 port 41814 [preauth]
Feb  5 14:20:42 prd-ubuntu1804-docker-8c-8g-2793 sshd[1722]: Invalid user jenkins from 10.30.104.4 port 41816
Feb  5 14:20:42 prd-ubuntu1804-docker-8c-8g-2793 sshd[1722]: Received disconnect from 10.30.104.4 port 41816:11: Closed due to user request. [preauth]
Feb  5 14:20:42 prd-ubuntu1804-docker-8c-8g-2793 sshd[1722]: Disconnected from invalid user jenkins 10.30.104.4 port 41816 [preauth]
Feb  5 14:20:45 prd-ubuntu1804-docker-8c-8g-2793 sshd[1762]: Invalid user jenkins from 10.30.104.4 port 41818
Feb  5 14:20:45 prd-ubuntu1804-docker-8c-8g-2793 sshd[1762]: Received disconnect from 10.30.104.4 port 41818:11: Closed due to user request. [preauth]
Feb  5 14:20:45 prd-ubuntu1804-docker-8c-8g-2793 sshd[1762]: Disconnected from invalid user jenkins 10.30.104.4 port 41818 [preauth]
Feb  5 14:20:47 prd-ubuntu1804-docker-8c-8g-2793 sshd[1764]: Invalid user jenkins from 10.30.104.4 port 41820
Feb  5 14:20:47 prd-ubuntu1804-docker-8c-8g-2793 sshd[1764]: Received disconnect from 10.30.104.4 port 41820:11: Closed due to user request. [preauth]
Feb  5 14:20:47 prd-ubuntu1804-docker-8c-8g-2793 sshd[1764]: Disconnected from invalid user jenkins 10.30.104.4 port 41820 [preauth]
Feb  5 14:20:49 prd-ubuntu1804-docker-8c-8g-2793 sshd[1773]: Invalid user jenkins from 10.30.104.4 port 41822
Feb  5 14:20:49 prd-ubuntu1804-docker-8c-8g-2793 sshd[1773]: Received disconnect from 10.30.104.4 port 41822:11: Closed due to user request. [preauth]
Feb  5 14:20:49 prd-ubuntu1804-docker-8c-8g-2793 sshd[1773]: Disconnected from invalid user jenkins 10.30.104.4 port 41822 [preauth]
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 sshd[1777]: Invalid user jenkins from 10.30.104.4 port 41824
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 sshd[1777]: Received disconnect from 10.30.104.4 port 41824:11: Closed due to user request. [preauth]
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 sshd[1777]: Disconnected from invalid user jenkins 10.30.104.4 port 41824 [preauth]
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 useradd[1795]: new group: name=jenkins, GID=1001
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 useradd[1795]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 usermod[1802]: add 'jenkins' to group 'docker'
Feb  5 14:20:51 prd-ubuntu1804-docker-8c-8g-2793 usermod[1802]: add 'jenkins' to shadow group 'docker'
Feb  5 14:20:53 prd-ubuntu1804-docker-8c-8g-2793 sshd[1863]: Accepted publickey for jenkins from 10.30.104.4 port 41828 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Feb  5 14:20:53 prd-ubuntu1804-docker-8c-8g-2793 sshd[1863]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Feb  5 14:20:53 prd-ubuntu1804-docker-8c-8g-2793 systemd-logind[1068]: New session 1 of user jenkins.
Feb  5 14:20:53 prd-ubuntu1804-docker-8c-8g-2793 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Feb  5 14:21:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[2403]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 14:21:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[2403]: pam_unix(cron:session): session closed for user root
Feb  5 14:22:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[2689]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 14:22:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[2689]: pam_unix(cron:session): session closed for user root
Feb  5 14:23:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[5422]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 14:23:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[5422]: pam_unix(cron:session): session closed for user root
Feb  5 14:24:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[8089]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 14:24:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[8089]: pam_unix(cron:session): session closed for user root
Feb  5 14:25:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[9522]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 14:25:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[9522]: pam_unix(cron:session): session closed for user root
Feb  5 14:26:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[9696]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 14:26:01 prd-ubuntu1804-docker-8c-8g-2793 CRON[9696]: pam_unix(cron:session): session closed for user root
Feb  5 14:26:43 prd-ubuntu1804-docker-8c-8g-2793 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Feb  5 14:26:43 prd-ubuntu1804-docker-8c-8g-2793 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)