Sep 8 14:21:00 prd-ubuntu1804-docker-8c-8g-44464 passwd[1013]: password for 'ubuntu' changed by 'root'
Sep 8 14:21:00 prd-ubuntu1804-docker-8c-8g-44464 systemd-logind[1076]: Watching system buttons on /dev/input/event0 (Power Button)
Sep 8 14:21:00 prd-ubuntu1804-docker-8c-8g-44464 systemd-logind[1076]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep 8 14:21:00 prd-ubuntu1804-docker-8c-8g-44464 systemd-logind[1076]: New seat seat0.
Sep 8 14:21:00 prd-ubuntu1804-docker-8c-8g-44464 sshd[1153]: Server listening on 0.0.0.0 port 22.
Sep 8 14:21:00 prd-ubuntu1804-docker-8c-8g-44464 sshd[1153]: Server listening on :: port 22.
Sep 8 14:21:03 prd-ubuntu1804-docker-8c-8g-44464 sshd[1445]: Did not receive identification string from 10.30.104.4 port 41044
Sep 8 14:21:11 prd-ubuntu1804-docker-8c-8g-44464 sshd[1491]: Invalid user jenkins from 10.30.104.4 port 41054
Sep 8 14:21:11 prd-ubuntu1804-docker-8c-8g-44464 sshd[1491]: Received disconnect from 10.30.104.4 port 41054:11: Closed due to user request. [preauth]
Sep 8 14:21:11 prd-ubuntu1804-docker-8c-8g-44464 sshd[1491]: Disconnected from invalid user jenkins 10.30.104.4 port 41054 [preauth]
Sep 8 14:21:13 prd-ubuntu1804-docker-8c-8g-44464 sshd[1495]: Invalid user jenkins from 10.30.104.4 port 41056
Sep 8 14:21:13 prd-ubuntu1804-docker-8c-8g-44464 sshd[1495]: Received disconnect from 10.30.104.4 port 41056:11: Closed due to user request. [preauth]
Sep 8 14:21:13 prd-ubuntu1804-docker-8c-8g-44464 sshd[1495]: Disconnected from invalid user jenkins 10.30.104.4 port 41056 [preauth]
Sep 8 14:21:15 prd-ubuntu1804-docker-8c-8g-44464 sshd[1497]: Invalid user jenkins from 10.30.104.4 port 41058
Sep 8 14:21:15 prd-ubuntu1804-docker-8c-8g-44464 sshd[1497]: Received disconnect from 10.30.104.4 port 41058:11: Closed due to user request. [preauth]
Sep 8 14:21:15 prd-ubuntu1804-docker-8c-8g-44464 sshd[1497]: Disconnected from invalid user jenkins 10.30.104.4 port 41058 [preauth]
Sep 8 14:21:17 prd-ubuntu1804-docker-8c-8g-44464 sshd[1499]: Invalid user jenkins from 10.30.104.4 port 41060
Sep 8 14:21:17 prd-ubuntu1804-docker-8c-8g-44464 sshd[1499]: Received disconnect from 10.30.104.4 port 41060:11: Closed due to user request. [preauth]
Sep 8 14:21:17 prd-ubuntu1804-docker-8c-8g-44464 sshd[1499]: Disconnected from invalid user jenkins 10.30.104.4 port 41060 [preauth]
Sep 8 14:21:20 prd-ubuntu1804-docker-8c-8g-44464 sshd[1720]: Invalid user jenkins from 10.30.104.4 port 41064
Sep 8 14:21:20 prd-ubuntu1804-docker-8c-8g-44464 sshd[1720]: Received disconnect from 10.30.104.4 port 41064:11: Closed due to user request. [preauth]
Sep 8 14:21:20 prd-ubuntu1804-docker-8c-8g-44464 sshd[1720]: Disconnected from invalid user jenkins 10.30.104.4 port 41064 [preauth]
Sep 8 14:21:22 prd-ubuntu1804-docker-8c-8g-44464 sshd[1727]: Invalid user jenkins from 10.30.104.4 port 41066
Sep 8 14:21:22 prd-ubuntu1804-docker-8c-8g-44464 sshd[1727]: Received disconnect from 10.30.104.4 port 41066:11: Closed due to user request. [preauth]
Sep 8 14:21:22 prd-ubuntu1804-docker-8c-8g-44464 sshd[1727]: Disconnected from invalid user jenkins 10.30.104.4 port 41066 [preauth]
Sep 8 14:21:24 prd-ubuntu1804-docker-8c-8g-44464 sshd[1770]: Invalid user jenkins from 10.30.104.4 port 41070
Sep 8 14:21:24 prd-ubuntu1804-docker-8c-8g-44464 sshd[1770]: Received disconnect from 10.30.104.4 port 41070:11: Closed due to user request. [preauth]
Sep 8 14:21:24 prd-ubuntu1804-docker-8c-8g-44464 sshd[1770]: Disconnected from invalid user jenkins 10.30.104.4 port 41070 [preauth]
Sep 8 14:21:27 prd-ubuntu1804-docker-8c-8g-44464 sshd[1780]: Invalid user jenkins from 10.30.104.4 port 41072
Sep 8 14:21:27 prd-ubuntu1804-docker-8c-8g-44464 sshd[1780]: Received disconnect from 10.30.104.4 port 41072:11: Closed due to user request. [preauth]
Sep 8 14:21:27 prd-ubuntu1804-docker-8c-8g-44464 sshd[1780]: Disconnected from invalid user jenkins 10.30.104.4 port 41072 [preauth]
Sep 8 14:21:29 prd-ubuntu1804-docker-8c-8g-44464 sshd[1782]: Invalid user jenkins from 10.30.104.4 port 41074
Sep 8 14:21:29 prd-ubuntu1804-docker-8c-8g-44464 sshd[1782]: Received disconnect from 10.30.104.4 port 41074:11: Closed due to user request. [preauth]
Sep 8 14:21:29 prd-ubuntu1804-docker-8c-8g-44464 sshd[1782]: Disconnected from invalid user jenkins 10.30.104.4 port 41074 [preauth]
Sep 8 14:21:31 prd-ubuntu1804-docker-8c-8g-44464 sshd[1784]: Invalid user jenkins from 10.30.104.4 port 41076
Sep 8 14:21:31 prd-ubuntu1804-docker-8c-8g-44464 sshd[1784]: Received disconnect from 10.30.104.4 port 41076:11: Closed due to user request. [preauth]
Sep 8 14:21:31 prd-ubuntu1804-docker-8c-8g-44464 sshd[1784]: Disconnected from invalid user jenkins 10.30.104.4 port 41076 [preauth]
Sep 8 14:21:32 prd-ubuntu1804-docker-8c-8g-44464 useradd[1823]: new group: name=jenkins, GID=1001
Sep 8 14:21:32 prd-ubuntu1804-docker-8c-8g-44464 useradd[1823]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep 8 14:21:33 prd-ubuntu1804-docker-8c-8g-44464 usermod[1830]: add 'jenkins' to group 'docker'
Sep 8 14:21:33 prd-ubuntu1804-docker-8c-8g-44464 usermod[1830]: add 'jenkins' to shadow group 'docker'
Sep 8 14:21:33 prd-ubuntu1804-docker-8c-8g-44464 sshd[1858]: Accepted publickey for jenkins from 10.30.104.4 port 41078 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Sep 8 14:21:33 prd-ubuntu1804-docker-8c-8g-44464 sshd[1858]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep 8 14:21:33 prd-ubuntu1804-docker-8c-8g-44464 systemd-logind[1076]: New session 1 of user jenkins.
Sep 8 14:21:33 prd-ubuntu1804-docker-8c-8g-44464 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep 8 14:22:02 prd-ubuntu1804-docker-8c-8g-44464 CRON[2428]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:22:02 prd-ubuntu1804-docker-8c-8g-44464 CRON[2428]: pam_unix(cron:session): session closed for user root
Sep 8 14:23:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[2492]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:23:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[2492]: pam_unix(cron:session): session closed for user root
Sep 8 14:24:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[4767]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:24:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[4767]: pam_unix(cron:session): session closed for user root
Sep 8 14:25:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[5694]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:25:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[5694]: pam_unix(cron:session): session closed for user root
Sep 8 14:26:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9177]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:26:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9177]: pam_unix(cron:session): session closed for user root
Sep 8 14:27:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9181]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:27:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9181]: pam_unix(cron:session): session closed for user root
Sep 8 14:28:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9185]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:28:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9185]: pam_unix(cron:session): session closed for user root
Sep 8 14:29:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9188]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:29:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9188]: pam_unix(cron:session): session closed for user root
Sep 8 14:30:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9648]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 8 14:30:01 prd-ubuntu1804-docker-8c-8g-44464 CRON[9648]: pam_unix(cron:session): session closed for user root
Sep 8 14:30:35 prd-ubuntu1804-docker-8c-8g-44464 sudo: jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep 8 14:30:35 prd-ubuntu1804-docker-8c-8g-44464 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)