Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 passwd[998]: password for 'ubuntu' changed by 'root'
Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 systemd-logind[1096]: Watching system buttons on /dev/input/event0 (Power Button)
Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 systemd-logind[1096]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 systemd-logind[1096]: New seat seat0.
Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 sshd[1243]: Server listening on 0.0.0.0 port 22.
Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 sshd[1243]: Server listening on :: port 22.
Sep  1 14:22:04 prd-ubuntu1804-docker-8c-8g-42851 sshd[1275]: Did not receive identification string from 10.30.104.4 port 44778
Sep  1 14:22:12 prd-ubuntu1804-docker-8c-8g-42851 sshd[1503]: Invalid user jenkins from 10.30.104.4 port 44780
Sep  1 14:22:12 prd-ubuntu1804-docker-8c-8g-42851 sshd[1503]: Received disconnect from 10.30.104.4 port 44780:11: Closed due to user request. [preauth]
Sep  1 14:22:12 prd-ubuntu1804-docker-8c-8g-42851 sshd[1503]: Disconnected from invalid user jenkins 10.30.104.4 port 44780 [preauth]
Sep  1 14:22:14 prd-ubuntu1804-docker-8c-8g-42851 sshd[1507]: Invalid user jenkins from 10.30.104.4 port 44782
Sep  1 14:22:14 prd-ubuntu1804-docker-8c-8g-42851 sshd[1507]: Received disconnect from 10.30.104.4 port 44782:11: Closed due to user request. [preauth]
Sep  1 14:22:14 prd-ubuntu1804-docker-8c-8g-42851 sshd[1507]: Disconnected from invalid user jenkins 10.30.104.4 port 44782 [preauth]
Sep  1 14:22:16 prd-ubuntu1804-docker-8c-8g-42851 sshd[1509]: Invalid user jenkins from 10.30.104.4 port 44786
Sep  1 14:22:16 prd-ubuntu1804-docker-8c-8g-42851 sshd[1509]: Received disconnect from 10.30.104.4 port 44786:11: Closed due to user request. [preauth]
Sep  1 14:22:16 prd-ubuntu1804-docker-8c-8g-42851 sshd[1509]: Disconnected from invalid user jenkins 10.30.104.4 port 44786 [preauth]
Sep  1 14:22:19 prd-ubuntu1804-docker-8c-8g-42851 sshd[1511]: Invalid user jenkins from 10.30.104.4 port 44788
Sep  1 14:22:19 prd-ubuntu1804-docker-8c-8g-42851 sshd[1511]: Received disconnect from 10.30.104.4 port 44788:11: Closed due to user request. [preauth]
Sep  1 14:22:19 prd-ubuntu1804-docker-8c-8g-42851 sshd[1511]: Disconnected from invalid user jenkins 10.30.104.4 port 44788 [preauth]
Sep  1 14:22:21 prd-ubuntu1804-docker-8c-8g-42851 sshd[1513]: Invalid user jenkins from 10.30.104.4 port 44790
Sep  1 14:22:21 prd-ubuntu1804-docker-8c-8g-42851 sshd[1513]: Received disconnect from 10.30.104.4 port 44790:11: Closed due to user request. [preauth]
Sep  1 14:22:21 prd-ubuntu1804-docker-8c-8g-42851 sshd[1513]: Disconnected from invalid user jenkins 10.30.104.4 port 44790 [preauth]
Sep  1 14:22:22 prd-ubuntu1804-docker-8c-8g-42851 sshd[1703]: Invalid user jenkins from 10.30.104.4 port 44792
Sep  1 14:22:22 prd-ubuntu1804-docker-8c-8g-42851 sshd[1703]: Received disconnect from 10.30.104.4 port 44792:11: Closed due to user request. [preauth]
Sep  1 14:22:22 prd-ubuntu1804-docker-8c-8g-42851 sshd[1703]: Disconnected from invalid user jenkins 10.30.104.4 port 44792 [preauth]
Sep  1 14:22:24 prd-ubuntu1804-docker-8c-8g-42851 sshd[1770]: Invalid user jenkins from 10.30.104.4 port 44794
Sep  1 14:22:24 prd-ubuntu1804-docker-8c-8g-42851 sshd[1770]: Received disconnect from 10.30.104.4 port 44794:11: Closed due to user request. [preauth]
Sep  1 14:22:24 prd-ubuntu1804-docker-8c-8g-42851 sshd[1770]: Disconnected from invalid user jenkins 10.30.104.4 port 44794 [preauth]
Sep  1 14:22:26 prd-ubuntu1804-docker-8c-8g-42851 sshd[1781]: Invalid user jenkins from 10.30.104.4 port 44796
Sep  1 14:22:27 prd-ubuntu1804-docker-8c-8g-42851 sshd[1781]: Received disconnect from 10.30.104.4 port 44796:11: Closed due to user request. [preauth]
Sep  1 14:22:27 prd-ubuntu1804-docker-8c-8g-42851 sshd[1781]: Disconnected from invalid user jenkins 10.30.104.4 port 44796 [preauth]
Sep  1 14:22:29 prd-ubuntu1804-docker-8c-8g-42851 sshd[1783]: Invalid user jenkins from 10.30.104.4 port 44798
Sep  1 14:22:30 prd-ubuntu1804-docker-8c-8g-42851 sshd[1783]: Received disconnect from 10.30.104.4 port 44798:11: Closed due to user request. [preauth]
Sep  1 14:22:30 prd-ubuntu1804-docker-8c-8g-42851 sshd[1783]: Disconnected from invalid user jenkins 10.30.104.4 port 44798 [preauth]
Sep  1 14:22:31 prd-ubuntu1804-docker-8c-8g-42851 useradd[1803]: new group: name=jenkins, GID=1001
Sep  1 14:22:31 prd-ubuntu1804-docker-8c-8g-42851 useradd[1803]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep  1 14:22:31 prd-ubuntu1804-docker-8c-8g-42851 usermod[1810]: add 'jenkins' to group 'docker'
Sep  1 14:22:31 prd-ubuntu1804-docker-8c-8g-42851 usermod[1810]: add 'jenkins' to shadow group 'docker'
Sep  1 14:22:32 prd-ubuntu1804-docker-8c-8g-42851 sshd[1871]: Accepted publickey for jenkins from 10.30.104.4 port 44802 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Sep  1 14:22:32 prd-ubuntu1804-docker-8c-8g-42851 sshd[1871]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep  1 14:22:32 prd-ubuntu1804-docker-8c-8g-42851 systemd-logind[1096]: New session 1 of user jenkins.
Sep  1 14:22:32 prd-ubuntu1804-docker-8c-8g-42851 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep  1 14:23:00 prd-ubuntu1804-docker-8c-8g-42851 CRON[2451]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  1 14:23:00 prd-ubuntu1804-docker-8c-8g-42851 CRON[2451]: pam_unix(cron:session): session closed for user root
Sep  1 14:24:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[3033]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  1 14:24:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[3033]: pam_unix(cron:session): session closed for user root
Sep  1 14:25:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[5707]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  1 14:25:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[5707]: pam_unix(cron:session): session closed for user root
Sep  1 14:26:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[9226]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  1 14:26:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[9226]: pam_unix(cron:session): session closed for user root
Sep  1 14:27:01 prd-ubuntu1804-docker-8c-8g-42851 CRON[10073]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  1 14:27:02 prd-ubuntu1804-docker-8c-8g-42851 CRON[10073]: pam_unix(cron:session): session closed for user root
Sep  1 14:27:11 prd-ubuntu1804-docker-8c-8g-42851 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep  1 14:27:11 prd-ubuntu1804-docker-8c-8g-42851 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)