Nov 3 14:22:03 prd-ubuntu1804-docker-8c-8g-8465 passwd[981]: password for 'ubuntu' changed by 'root'
Nov 3 14:22:03 prd-ubuntu1804-docker-8c-8g-8465 systemd-logind[1018]: Watching system buttons on /dev/input/event0 (Power Button)
Nov 3 14:22:03 prd-ubuntu1804-docker-8c-8g-8465 systemd-logind[1018]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Nov 3 14:22:03 prd-ubuntu1804-docker-8c-8g-8465 systemd-logind[1018]: New seat seat0.
Nov 3 14:22:03 prd-ubuntu1804-docker-8c-8g-8465 sshd[1078]: Server listening on 0.0.0.0 port 22.
Nov 3 14:22:03 prd-ubuntu1804-docker-8c-8g-8465 sshd[1078]: Server listening on :: port 22.
Nov 3 14:22:05 prd-ubuntu1804-docker-8c-8g-8465 sshd[1347]: Did not receive identification string from 10.30.104.4 port 38954
Nov 3 14:22:14 prd-ubuntu1804-docker-8c-8g-8465 sshd[1376]: Invalid user jenkins from 10.30.104.4 port 38964
Nov 3 14:22:14 prd-ubuntu1804-docker-8c-8g-8465 sshd[1376]: Received disconnect from 10.30.104.4 port 38964:11: Closed due to user request. [preauth]
Nov 3 14:22:14 prd-ubuntu1804-docker-8c-8g-8465 sshd[1376]: Disconnected from invalid user jenkins 10.30.104.4 port 38964 [preauth]
Nov 3 14:22:16 prd-ubuntu1804-docker-8c-8g-8465 sshd[1380]: Invalid user jenkins from 10.30.104.4 port 38966
Nov 3 14:22:16 prd-ubuntu1804-docker-8c-8g-8465 sshd[1380]: Received disconnect from 10.30.104.4 port 38966:11: Closed due to user request. [preauth]
Nov 3 14:22:16 prd-ubuntu1804-docker-8c-8g-8465 sshd[1380]: Disconnected from invalid user jenkins 10.30.104.4 port 38966 [preauth]
Nov 3 14:22:18 prd-ubuntu1804-docker-8c-8g-8465 sshd[1382]: Invalid user jenkins from 10.30.104.4 port 38968
Nov 3 14:22:18 prd-ubuntu1804-docker-8c-8g-8465 sshd[1382]: Received disconnect from 10.30.104.4 port 38968:11: Closed due to user request. [preauth]
Nov 3 14:22:18 prd-ubuntu1804-docker-8c-8g-8465 sshd[1382]: Disconnected from invalid user jenkins 10.30.104.4 port 38968 [preauth]
Nov 3 14:22:20 prd-ubuntu1804-docker-8c-8g-8465 sshd[1403]: Invalid user jenkins from 10.30.104.4 port 38970
Nov 3 14:22:20 prd-ubuntu1804-docker-8c-8g-8465 sshd[1403]: Received disconnect from 10.30.104.4 port 38970:11: Closed due to user request. [preauth]
Nov 3 14:22:20 prd-ubuntu1804-docker-8c-8g-8465 sshd[1403]: Disconnected from invalid user jenkins 10.30.104.4 port 38970 [preauth]
Nov 3 14:22:22 prd-ubuntu1804-docker-8c-8g-8465 sshd[1624]: Invalid user jenkins from 10.30.104.4 port 38972
Nov 3 14:22:22 prd-ubuntu1804-docker-8c-8g-8465 sshd[1624]: Received disconnect from 10.30.104.4 port 38972:11: Closed due to user request. [preauth]
Nov 3 14:22:22 prd-ubuntu1804-docker-8c-8g-8465 sshd[1624]: Disconnected from invalid user jenkins 10.30.104.4 port 38972 [preauth]
Nov 3 14:22:24 prd-ubuntu1804-docker-8c-8g-8465 sshd[1649]: Invalid user jenkins from 10.30.104.4 port 38976
Nov 3 14:22:24 prd-ubuntu1804-docker-8c-8g-8465 sshd[1649]: Received disconnect from 10.30.104.4 port 38976:11: Closed due to user request. [preauth]
Nov 3 14:22:24 prd-ubuntu1804-docker-8c-8g-8465 sshd[1649]: Disconnected from invalid user jenkins 10.30.104.4 port 38976 [preauth]
Nov 3 14:22:26 prd-ubuntu1804-docker-8c-8g-8465 sshd[1651]: Invalid user jenkins from 10.30.104.4 port 38978
Nov 3 14:22:26 prd-ubuntu1804-docker-8c-8g-8465 sshd[1651]: Received disconnect from 10.30.104.4 port 38978:11: Closed due to user request. [preauth]
Nov 3 14:22:26 prd-ubuntu1804-docker-8c-8g-8465 sshd[1651]: Disconnected from invalid user jenkins 10.30.104.4 port 38978 [preauth]
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 useradd[1678]: new group: name=jenkins, GID=1001
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 useradd[1678]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 usermod[1685]: add 'jenkins' to group 'docker'
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 usermod[1685]: add 'jenkins' to shadow group 'docker'
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 sshd[1716]: Accepted publickey for jenkins from 10.30.104.4 port 38980 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 sshd[1716]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 systemd-logind[1018]: New session 1 of user jenkins.
Nov 3 14:22:28 prd-ubuntu1804-docker-8c-8g-8465 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Nov 3 14:23:00 prd-ubuntu1804-docker-8c-8g-8465 CRON[2337]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 3 14:23:00 prd-ubuntu1804-docker-8c-8g-8465 CRON[2337]: pam_unix(cron:session): session closed for user root
Nov 3 14:24:01 prd-ubuntu1804-docker-8c-8g-8465 CRON[3670]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 3 14:24:01 prd-ubuntu1804-docker-8c-8g-8465 CRON[3670]: pam_unix(cron:session): session closed for user root
Nov 3 14:25:01 prd-ubuntu1804-docker-8c-8g-8465 CRON[6053]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 3 14:25:01 prd-ubuntu1804-docker-8c-8g-8465 CRON[6053]: pam_unix(cron:session): session closed for user root
Nov 3 14:26:01 prd-ubuntu1804-docker-8c-8g-8465 CRON[9526]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 3 14:26:01 prd-ubuntu1804-docker-8c-8g-8465 CRON[9526]: pam_unix(cron:session): session closed for user root
Nov 3 14:26:43 prd-ubuntu1804-docker-8c-8g-8465 sudo: jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Nov 3 14:26:43 prd-ubuntu1804-docker-8c-8g-8465 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)