Mar 31 14:20:19 prd-ubuntu1804-docker-8c-8g-12278 passwd[984]: password for 'ubuntu' changed by 'root'
Mar 31 14:20:19 prd-ubuntu1804-docker-8c-8g-12278 systemd-logind[1042]: Watching system buttons on /dev/input/event0 (Power Button)
Mar 31 14:20:19 prd-ubuntu1804-docker-8c-8g-12278 systemd-logind[1042]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Mar 31 14:20:19 prd-ubuntu1804-docker-8c-8g-12278 systemd-logind[1042]: New seat seat0.
Mar 31 14:20:19 prd-ubuntu1804-docker-8c-8g-12278 sshd[1105]: Server listening on 0.0.0.0 port 22.
Mar 31 14:20:19 prd-ubuntu1804-docker-8c-8g-12278 sshd[1105]: Server listening on :: port 22.
Mar 31 14:20:23 prd-ubuntu1804-docker-8c-8g-12278 sshd[1442]: Did not receive identification string from 10.30.104.4 port 33882
Mar 31 14:20:30 prd-ubuntu1804-docker-8c-8g-12278 sshd[1467]: Invalid user jenkins from 10.30.104.4 port 33884
Mar 31 14:20:30 prd-ubuntu1804-docker-8c-8g-12278 sshd[1467]: Received disconnect from 10.30.104.4 port 33884:11: Closed due to user request. [preauth]
Mar 31 14:20:30 prd-ubuntu1804-docker-8c-8g-12278 sshd[1467]: Disconnected from invalid user jenkins 10.30.104.4 port 33884 [preauth]
Mar 31 14:20:32 prd-ubuntu1804-docker-8c-8g-12278 sshd[1471]: Invalid user jenkins from 10.30.104.4 port 33886
Mar 31 14:20:32 prd-ubuntu1804-docker-8c-8g-12278 sshd[1471]: Received disconnect from 10.30.104.4 port 33886:11: Closed due to user request. [preauth]
Mar 31 14:20:32 prd-ubuntu1804-docker-8c-8g-12278 sshd[1471]: Disconnected from invalid user jenkins 10.30.104.4 port 33886 [preauth]
Mar 31 14:20:34 prd-ubuntu1804-docker-8c-8g-12278 sshd[1473]: Invalid user jenkins from 10.30.104.4 port 33888
Mar 31 14:20:34 prd-ubuntu1804-docker-8c-8g-12278 sshd[1473]: Received disconnect from 10.30.104.4 port 33888:11: Closed due to user request. [preauth]
Mar 31 14:20:34 prd-ubuntu1804-docker-8c-8g-12278 sshd[1473]: Disconnected from invalid user jenkins 10.30.104.4 port 33888 [preauth]
Mar 31 14:20:36 prd-ubuntu1804-docker-8c-8g-12278 sshd[1475]: Invalid user jenkins from 10.30.104.4 port 33890
Mar 31 14:20:36 prd-ubuntu1804-docker-8c-8g-12278 sshd[1475]: Received disconnect from 10.30.104.4 port 33890:11: Closed due to user request. [preauth]
Mar 31 14:20:36 prd-ubuntu1804-docker-8c-8g-12278 sshd[1475]: Disconnected from invalid user jenkins 10.30.104.4 port 33890 [preauth]
Mar 31 14:20:39 prd-ubuntu1804-docker-8c-8g-12278 sshd[1698]: Invalid user jenkins from 10.30.104.4 port 33896
Mar 31 14:20:39 prd-ubuntu1804-docker-8c-8g-12278 sshd[1698]: Received disconnect from 10.30.104.4 port 33896:11: Closed due to user request. [preauth]
Mar 31 14:20:39 prd-ubuntu1804-docker-8c-8g-12278 sshd[1698]: Disconnected from invalid user jenkins 10.30.104.4 port 33896 [preauth]
Mar 31 14:20:41 prd-ubuntu1804-docker-8c-8g-12278 sshd[1744]: Invalid user jenkins from 10.30.104.4 port 33898
Mar 31 14:20:41 prd-ubuntu1804-docker-8c-8g-12278 sshd[1744]: Received disconnect from 10.30.104.4 port 33898:11: Closed due to user request. [preauth]
Mar 31 14:20:41 prd-ubuntu1804-docker-8c-8g-12278 sshd[1744]: Disconnected from invalid user jenkins 10.30.104.4 port 33898 [preauth]
Mar 31 14:20:43 prd-ubuntu1804-docker-8c-8g-12278 sshd[1746]: Invalid user jenkins from 10.30.104.4 port 33900
Mar 31 14:20:43 prd-ubuntu1804-docker-8c-8g-12278 sshd[1746]: Received disconnect from 10.30.104.4 port 33900:11: Closed due to user request. [preauth]
Mar 31 14:20:43 prd-ubuntu1804-docker-8c-8g-12278 sshd[1746]: Disconnected from invalid user jenkins 10.30.104.4 port 33900 [preauth]
Mar 31 14:20:45 prd-ubuntu1804-docker-8c-8g-12278 useradd[1772]: new group: name=jenkins, GID=1001
Mar 31 14:20:45 prd-ubuntu1804-docker-8c-8g-12278 useradd[1772]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Mar 31 14:20:45 prd-ubuntu1804-docker-8c-8g-12278 usermod[1779]: add 'jenkins' to group 'docker'
Mar 31 14:20:45 prd-ubuntu1804-docker-8c-8g-12278 usermod[1779]: add 'jenkins' to shadow group 'docker'
Mar 31 14:20:46 prd-ubuntu1804-docker-8c-8g-12278 sshd[1828]: Accepted publickey for jenkins from 10.30.104.4 port 33902 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Mar 31 14:20:46 prd-ubuntu1804-docker-8c-8g-12278 sshd[1828]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Mar 31 14:20:46 prd-ubuntu1804-docker-8c-8g-12278 systemd-logind[1042]: New session 1 of user jenkins.
Mar 31 14:20:46 prd-ubuntu1804-docker-8c-8g-12278 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Mar 31 14:21:02 prd-ubuntu1804-docker-8c-8g-12278 CRON[2391]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 14:21:02 prd-ubuntu1804-docker-8c-8g-12278 CRON[2391]: pam_unix(cron:session): session closed for user root
Mar 31 14:22:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[2943]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 14:22:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[2943]: pam_unix(cron:session): session closed for user root
Mar 31 14:23:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[5643]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 14:23:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[5643]: pam_unix(cron:session): session closed for user root
Mar 31 14:24:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[9204]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 14:24:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[9204]: pam_unix(cron:session): session closed for user root
Mar 31 14:25:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[9638]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 14:25:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[9638]: pam_unix(cron:session): session closed for user root
Mar 31 14:26:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[10195]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 14:26:01 prd-ubuntu1804-docker-8c-8g-12278 CRON[10195]: pam_unix(cron:session): session closed for user root
Mar 31 14:26:03 prd-ubuntu1804-docker-8c-8g-12278 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Mar 31 14:26:03 prd-ubuntu1804-docker-8c-8g-12278 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)