Sep 29 14:21:05 prd-ubuntu1804-docker-8c-8g-1121 passwd[974]: password for 'ubuntu' changed by 'root'
Sep 29 14:21:05 prd-ubuntu1804-docker-8c-8g-1121 systemd-logind[1043]: Watching system buttons on /dev/input/event0 (Power Button)
Sep 29 14:21:05 prd-ubuntu1804-docker-8c-8g-1121 systemd-logind[1043]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep 29 14:21:05 prd-ubuntu1804-docker-8c-8g-1121 systemd-logind[1043]: New seat seat0.
Sep 29 14:21:05 prd-ubuntu1804-docker-8c-8g-1121 sshd[1125]: Server listening on 0.0.0.0 port 22.
Sep 29 14:21:05 prd-ubuntu1804-docker-8c-8g-1121 sshd[1125]: Server listening on :: port 22.
Sep 29 14:21:07 prd-ubuntu1804-docker-8c-8g-1121 sshd[1429]: Did not receive identification string from 10.30.104.4 port 53190
Sep 29 14:21:08 prd-ubuntu1804-docker-8c-8g-1121 sshd[1433]: Invalid user jenkins from 10.30.104.4 port 53194
Sep 29 14:21:08 prd-ubuntu1804-docker-8c-8g-1121 sshd[1433]: Received disconnect from 10.30.104.4 port 53194:11: Closed due to user request. [preauth]
Sep 29 14:21:08 prd-ubuntu1804-docker-8c-8g-1121 sshd[1433]: Disconnected from invalid user jenkins 10.30.104.4 port 53194 [preauth]
Sep 29 14:21:10 prd-ubuntu1804-docker-8c-8g-1121 sshd[1437]: Invalid user jenkins from 10.30.104.4 port 53204
Sep 29 14:21:10 prd-ubuntu1804-docker-8c-8g-1121 sshd[1437]: Received disconnect from 10.30.104.4 port 53204:11: Closed due to user request. [preauth]
Sep 29 14:21:10 prd-ubuntu1804-docker-8c-8g-1121 sshd[1437]: Disconnected from invalid user jenkins 10.30.104.4 port 53204 [preauth]
Sep 29 14:21:12 prd-ubuntu1804-docker-8c-8g-1121 sshd[1459]: Invalid user jenkins from 10.30.104.4 port 53212
Sep 29 14:21:12 prd-ubuntu1804-docker-8c-8g-1121 sshd[1459]: Received disconnect from 10.30.104.4 port 53212:11: Closed due to user request. [preauth]
Sep 29 14:21:12 prd-ubuntu1804-docker-8c-8g-1121 sshd[1459]: Disconnected from invalid user jenkins 10.30.104.4 port 53212 [preauth]
Sep 29 14:21:14 prd-ubuntu1804-docker-8c-8g-1121 sshd[1461]: Invalid user jenkins from 10.30.104.4 port 53228
Sep 29 14:21:14 prd-ubuntu1804-docker-8c-8g-1121 sshd[1461]: Received disconnect from 10.30.104.4 port 53228:11: Closed due to user request. [preauth]
Sep 29 14:21:14 prd-ubuntu1804-docker-8c-8g-1121 sshd[1461]: Disconnected from invalid user jenkins 10.30.104.4 port 53228 [preauth]
Sep 29 14:21:16 prd-ubuntu1804-docker-8c-8g-1121 sshd[1463]: Invalid user jenkins from 10.30.104.4 port 53242
Sep 29 14:21:16 prd-ubuntu1804-docker-8c-8g-1121 sshd[1463]: Received disconnect from 10.30.104.4 port 53242:11: Closed due to user request. [preauth]
Sep 29 14:21:16 prd-ubuntu1804-docker-8c-8g-1121 sshd[1463]: Disconnected from invalid user jenkins 10.30.104.4 port 53242 [preauth]
Sep 29 14:21:18 prd-ubuntu1804-docker-8c-8g-1121 sshd[1465]: Invalid user jenkins from 10.30.104.4 port 53246
Sep 29 14:21:19 prd-ubuntu1804-docker-8c-8g-1121 sshd[1465]: Received disconnect from 10.30.104.4 port 53246:11: Closed due to user request. [preauth]
Sep 29 14:21:19 prd-ubuntu1804-docker-8c-8g-1121 sshd[1465]: Disconnected from invalid user jenkins 10.30.104.4 port 53246 [preauth]
Sep 29 14:21:21 prd-ubuntu1804-docker-8c-8g-1121 sshd[1467]: Invalid user jenkins from 10.30.104.4 port 53248
Sep 29 14:21:21 prd-ubuntu1804-docker-8c-8g-1121 sshd[1467]: Received disconnect from 10.30.104.4 port 53248:11: Closed due to user request. [preauth]
Sep 29 14:21:21 prd-ubuntu1804-docker-8c-8g-1121 sshd[1467]: Disconnected from invalid user jenkins 10.30.104.4 port 53248 [preauth]
Sep 29 14:21:23 prd-ubuntu1804-docker-8c-8g-1121 sshd[1590]: Invalid user jenkins from 10.30.104.4 port 53254
Sep 29 14:21:23 prd-ubuntu1804-docker-8c-8g-1121 sshd[1590]: Received disconnect from 10.30.104.4 port 53254:11: Closed due to user request. [preauth]
Sep 29 14:21:23 prd-ubuntu1804-docker-8c-8g-1121 sshd[1590]: Disconnected from invalid user jenkins 10.30.104.4 port 53254 [preauth]
Sep 29 14:21:25 prd-ubuntu1804-docker-8c-8g-1121 sshd[1736]: Invalid user jenkins from 10.30.104.4 port 53256
Sep 29 14:21:25 prd-ubuntu1804-docker-8c-8g-1121 sshd[1736]: Received disconnect from 10.30.104.4 port 53256:11: Closed due to user request. [preauth]
Sep 29 14:21:25 prd-ubuntu1804-docker-8c-8g-1121 sshd[1736]: Disconnected from invalid user jenkins 10.30.104.4 port 53256 [preauth]
Sep 29 14:21:28 prd-ubuntu1804-docker-8c-8g-1121 sshd[1745]: Invalid user jenkins from 10.30.104.4 port 53258
Sep 29 14:21:28 prd-ubuntu1804-docker-8c-8g-1121 sshd[1745]: Received disconnect from 10.30.104.4 port 53258:11: Closed due to user request. [preauth]
Sep 29 14:21:28 prd-ubuntu1804-docker-8c-8g-1121 sshd[1745]: Disconnected from invalid user jenkins 10.30.104.4 port 53258 [preauth]
Sep 29 14:21:29 prd-ubuntu1804-docker-8c-8g-1121 useradd[1765]: new group: name=jenkins, GID=1001
Sep 29 14:21:29 prd-ubuntu1804-docker-8c-8g-1121 useradd[1765]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep 29 14:21:29 prd-ubuntu1804-docker-8c-8g-1121 usermod[1772]: add 'jenkins' to group 'docker'
Sep 29 14:21:29 prd-ubuntu1804-docker-8c-8g-1121 usermod[1772]: add 'jenkins' to shadow group 'docker'
Sep 29 14:21:30 prd-ubuntu1804-docker-8c-8g-1121 sshd[1833]: Accepted publickey for jenkins from 10.30.104.4 port 53264 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Sep 29 14:21:30 prd-ubuntu1804-docker-8c-8g-1121 sshd[1833]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep 29 14:21:30 prd-ubuntu1804-docker-8c-8g-1121 systemd-logind[1043]: New session 1 of user jenkins.
Sep 29 14:21:30 prd-ubuntu1804-docker-8c-8g-1121 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep 29 14:22:02 prd-ubuntu1804-docker-8c-8g-1121 CRON[2426]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:22:02 prd-ubuntu1804-docker-8c-8g-1121 CRON[2426]: pam_unix(cron:session): session closed for user root
Sep 29 14:23:01 prd-ubuntu1804-docker-8c-8g-1121 CRON[3101]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:23:01 prd-ubuntu1804-docker-8c-8g-1121 CRON[3101]: pam_unix(cron:session): session closed for user root
Sep 29 14:24:01 prd-ubuntu1804-docker-8c-8g-1121 CRON[6510]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:24:01 prd-ubuntu1804-docker-8c-8g-1121 CRON[6510]: pam_unix(cron:session): session closed for user root
Sep 29 14:25:01 prd-ubuntu1804-docker-8c-8g-1121 CRON[9563]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 29 14:25:01 prd-ubuntu1804-docker-8c-8g-1121 CRON[9563]: pam_unix(cron:session): session closed for user root
Sep 29 14:25:52 prd-ubuntu1804-docker-8c-8g-1121 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep 29 14:25:52 prd-ubuntu1804-docker-8c-8g-1121 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)