Jul  7 14:22:00 prd-ubuntu1804-docker-8c-8g-26443 passwd[985]: password for 'ubuntu' changed by 'root'
Jul  7 14:22:00 prd-ubuntu1804-docker-8c-8g-26443 systemd-logind[1058]: Watching system buttons on /dev/input/event0 (Power Button)
Jul  7 14:22:00 prd-ubuntu1804-docker-8c-8g-26443 systemd-logind[1058]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jul  7 14:22:00 prd-ubuntu1804-docker-8c-8g-26443 systemd-logind[1058]: New seat seat0.
Jul  7 14:22:00 prd-ubuntu1804-docker-8c-8g-26443 sshd[1075]: Server listening on 0.0.0.0 port 22.
Jul  7 14:22:00 prd-ubuntu1804-docker-8c-8g-26443 sshd[1075]: Server listening on :: port 22.
Jul  7 14:22:03 prd-ubuntu1804-docker-8c-8g-26443 sshd[1388]: Did not receive identification string from 10.30.104.4 port 53864
Jul  7 14:22:11 prd-ubuntu1804-docker-8c-8g-26443 sshd[1416]: Invalid user jenkins from 10.30.104.4 port 53886
Jul  7 14:22:11 prd-ubuntu1804-docker-8c-8g-26443 sshd[1416]: Received disconnect from 10.30.104.4 port 53886:11: Closed due to user request. [preauth]
Jul  7 14:22:11 prd-ubuntu1804-docker-8c-8g-26443 sshd[1416]: Disconnected from invalid user jenkins 10.30.104.4 port 53886 [preauth]
Jul  7 14:22:13 prd-ubuntu1804-docker-8c-8g-26443 sshd[1420]: Invalid user jenkins from 10.30.104.4 port 53896
Jul  7 14:22:13 prd-ubuntu1804-docker-8c-8g-26443 sshd[1420]: Received disconnect from 10.30.104.4 port 53896:11: Closed due to user request. [preauth]
Jul  7 14:22:13 prd-ubuntu1804-docker-8c-8g-26443 sshd[1420]: Disconnected from invalid user jenkins 10.30.104.4 port 53896 [preauth]
Jul  7 14:22:15 prd-ubuntu1804-docker-8c-8g-26443 sshd[1422]: Invalid user jenkins from 10.30.104.4 port 53898
Jul  7 14:22:15 prd-ubuntu1804-docker-8c-8g-26443 sshd[1422]: Received disconnect from 10.30.104.4 port 53898:11: Closed due to user request. [preauth]
Jul  7 14:22:15 prd-ubuntu1804-docker-8c-8g-26443 sshd[1422]: Disconnected from invalid user jenkins 10.30.104.4 port 53898 [preauth]
Jul  7 14:22:17 prd-ubuntu1804-docker-8c-8g-26443 sshd[1452]: Invalid user jenkins from 10.30.104.4 port 53900
Jul  7 14:22:18 prd-ubuntu1804-docker-8c-8g-26443 sshd[1452]: Received disconnect from 10.30.104.4 port 53900:11: Closed due to user request. [preauth]
Jul  7 14:22:18 prd-ubuntu1804-docker-8c-8g-26443 sshd[1452]: Disconnected from invalid user jenkins 10.30.104.4 port 53900 [preauth]
Jul  7 14:22:20 prd-ubuntu1804-docker-8c-8g-26443 sshd[1670]: Invalid user jenkins from 10.30.104.4 port 53906
Jul  7 14:22:20 prd-ubuntu1804-docker-8c-8g-26443 sshd[1670]: Received disconnect from 10.30.104.4 port 53906:11: Closed due to user request. [preauth]
Jul  7 14:22:20 prd-ubuntu1804-docker-8c-8g-26443 sshd[1670]: Disconnected from invalid user jenkins 10.30.104.4 port 53906 [preauth]
Jul  7 14:22:22 prd-ubuntu1804-docker-8c-8g-26443 sshd[1693]: Invalid user jenkins from 10.30.104.4 port 53916
Jul  7 14:22:22 prd-ubuntu1804-docker-8c-8g-26443 sshd[1693]: Received disconnect from 10.30.104.4 port 53916:11: Closed due to user request. [preauth]
Jul  7 14:22:22 prd-ubuntu1804-docker-8c-8g-26443 sshd[1693]: Disconnected from invalid user jenkins 10.30.104.4 port 53916 [preauth]
Jul  7 14:22:24 prd-ubuntu1804-docker-8c-8g-26443 sshd[1695]: Invalid user jenkins from 10.30.104.4 port 53918
Jul  7 14:22:24 prd-ubuntu1804-docker-8c-8g-26443 sshd[1695]: Received disconnect from 10.30.104.4 port 53918:11: Closed due to user request. [preauth]
Jul  7 14:22:24 prd-ubuntu1804-docker-8c-8g-26443 sshd[1695]: Disconnected from invalid user jenkins 10.30.104.4 port 53918 [preauth]
Jul  7 14:22:26 prd-ubuntu1804-docker-8c-8g-26443 useradd[1722]: new group: name=jenkins, GID=1001
Jul  7 14:22:26 prd-ubuntu1804-docker-8c-8g-26443 useradd[1722]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Jul  7 14:22:26 prd-ubuntu1804-docker-8c-8g-26443 usermod[1729]: add 'jenkins' to group 'docker'
Jul  7 14:22:26 prd-ubuntu1804-docker-8c-8g-26443 usermod[1729]: add 'jenkins' to shadow group 'docker'
Jul  7 14:22:27 prd-ubuntu1804-docker-8c-8g-26443 sshd[1768]: Accepted publickey for jenkins from 10.30.104.4 port 53924 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Jul  7 14:22:27 prd-ubuntu1804-docker-8c-8g-26443 sshd[1768]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Jul  7 14:22:27 prd-ubuntu1804-docker-8c-8g-26443 systemd-logind[1058]: New session 1 of user jenkins.
Jul  7 14:22:27 prd-ubuntu1804-docker-8c-8g-26443 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Jul  7 14:23:02 prd-ubuntu1804-docker-8c-8g-26443 CRON[2368]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  7 14:23:02 prd-ubuntu1804-docker-8c-8g-26443 CRON[2368]: pam_unix(cron:session): session closed for user root
Jul  7 14:24:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[3280]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  7 14:24:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[3280]: pam_unix(cron:session): session closed for user root
Jul  7 14:25:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[7604]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  7 14:25:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[7604]: pam_unix(cron:session): session closed for user root
Jul  7 14:26:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[9571]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  7 14:26:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[9571]: pam_unix(cron:session): session closed for user root
Jul  7 14:27:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[9792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  7 14:27:01 prd-ubuntu1804-docker-8c-8g-26443 CRON[9792]: pam_unix(cron:session): session closed for user root
Jul  7 14:27:37 prd-ubuntu1804-docker-8c-8g-26443 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jul  7 14:27:37 prd-ubuntu1804-docker-8c-8g-26443 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)