Sep 15 14:21:59 prd-ubuntu1804-docker-8c-8g-46004 passwd[985]: password for 'ubuntu' changed by 'root'
Sep 15 14:21:59 prd-ubuntu1804-docker-8c-8g-46004 systemd-logind[1116]: Watching system buttons on /dev/input/event0 (Power Button)
Sep 15 14:21:59 prd-ubuntu1804-docker-8c-8g-46004 systemd-logind[1116]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep 15 14:21:59 prd-ubuntu1804-docker-8c-8g-46004 systemd-logind[1116]: New seat seat0.
Sep 15 14:21:59 prd-ubuntu1804-docker-8c-8g-46004 sshd[1145]: Server listening on 0.0.0.0 port 22.
Sep 15 14:21:59 prd-ubuntu1804-docker-8c-8g-46004 sshd[1145]: Server listening on :: port 22.
Sep 15 14:22:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[1404]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 15 14:22:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[1404]: pam_unix(cron:session): session closed for user root
Sep 15 14:22:03 prd-ubuntu1804-docker-8c-8g-46004 sshd[1415]: Did not receive identification string from 10.30.104.4 port 59736
Sep 15 14:22:11 prd-ubuntu1804-docker-8c-8g-46004 sshd[1440]: Invalid user jenkins from 10.30.104.4 port 59744
Sep 15 14:22:11 prd-ubuntu1804-docker-8c-8g-46004 sshd[1440]: Received disconnect from 10.30.104.4 port 59744:11: Closed due to user request. [preauth]
Sep 15 14:22:11 prd-ubuntu1804-docker-8c-8g-46004 sshd[1440]: Disconnected from invalid user jenkins 10.30.104.4 port 59744 [preauth]
Sep 15 14:22:14 prd-ubuntu1804-docker-8c-8g-46004 sshd[1444]: Invalid user jenkins from 10.30.104.4 port 59748
Sep 15 14:22:14 prd-ubuntu1804-docker-8c-8g-46004 sshd[1444]: Received disconnect from 10.30.104.4 port 59748:11: Closed due to user request. [preauth]
Sep 15 14:22:14 prd-ubuntu1804-docker-8c-8g-46004 sshd[1444]: Disconnected from invalid user jenkins 10.30.104.4 port 59748 [preauth]
Sep 15 14:22:16 prd-ubuntu1804-docker-8c-8g-46004 sshd[1455]: Invalid user jenkins from 10.30.104.4 port 59750
Sep 15 14:22:16 prd-ubuntu1804-docker-8c-8g-46004 sshd[1455]: Received disconnect from 10.30.104.4 port 59750:11: Closed due to user request. [preauth]
Sep 15 14:22:16 prd-ubuntu1804-docker-8c-8g-46004 sshd[1455]: Disconnected from invalid user jenkins 10.30.104.4 port 59750 [preauth]
Sep 15 14:22:18 prd-ubuntu1804-docker-8c-8g-46004 sshd[1672]: Invalid user jenkins from 10.30.104.4 port 59752
Sep 15 14:22:18 prd-ubuntu1804-docker-8c-8g-46004 sshd[1672]: Received disconnect from 10.30.104.4 port 59752:11: Closed due to user request. [preauth]
Sep 15 14:22:18 prd-ubuntu1804-docker-8c-8g-46004 sshd[1672]: Disconnected from invalid user jenkins 10.30.104.4 port 59752 [preauth]
Sep 15 14:22:20 prd-ubuntu1804-docker-8c-8g-46004 sshd[1711]: Invalid user jenkins from 10.30.104.4 port 59754
Sep 15 14:22:20 prd-ubuntu1804-docker-8c-8g-46004 sshd[1711]: Received disconnect from 10.30.104.4 port 59754:11: Closed due to user request. [preauth]
Sep 15 14:22:20 prd-ubuntu1804-docker-8c-8g-46004 sshd[1711]: Disconnected from invalid user jenkins 10.30.104.4 port 59754 [preauth]
Sep 15 14:22:22 prd-ubuntu1804-docker-8c-8g-46004 sshd[1713]: Invalid user jenkins from 10.30.104.4 port 59756
Sep 15 14:22:22 prd-ubuntu1804-docker-8c-8g-46004 sshd[1713]: Received disconnect from 10.30.104.4 port 59756:11: Closed due to user request. [preauth]
Sep 15 14:22:22 prd-ubuntu1804-docker-8c-8g-46004 sshd[1713]: Disconnected from invalid user jenkins 10.30.104.4 port 59756 [preauth]
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 useradd[1733]: new group: name=jenkins, GID=1001
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 useradd[1733]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 usermod[1748]: add 'jenkins' to group 'docker'
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 usermod[1748]: add 'jenkins' to shadow group 'docker'
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 sshd[1787]: Accepted publickey for jenkins from 10.30.104.4 port 59760 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 sshd[1787]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 systemd-logind[1116]: New session 2 of user jenkins.
Sep 15 14:22:24 prd-ubuntu1804-docker-8c-8g-46004 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep 15 14:23:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[2385]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 15 14:23:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[2385]: pam_unix(cron:session): session closed for user root
Sep 15 14:24:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[2957]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 15 14:24:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[2957]: pam_unix(cron:session): session closed for user root
Sep 15 14:25:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[5634]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 15 14:25:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[5634]: pam_unix(cron:session): session closed for user root
Sep 15 14:26:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[9443]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 15 14:26:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[9443]: pam_unix(cron:session): session closed for user root
Sep 15 14:27:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[10006]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 15 14:27:01 prd-ubuntu1804-docker-8c-8g-46004 CRON[10006]: pam_unix(cron:session): session closed for user root
Sep 15 14:27:04 prd-ubuntu1804-docker-8c-8g-46004 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep 15 14:27:04 prd-ubuntu1804-docker-8c-8g-46004 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)