Jan  5 14:20:30 prd-ubuntu1804-docker-8c-8g-3326 passwd[1006]: password for 'ubuntu' changed by 'root'
Jan  5 14:20:30 prd-ubuntu1804-docker-8c-8g-3326 systemd-logind[1083]: Watching system buttons on /dev/input/event0 (Power Button)
Jan  5 14:20:30 prd-ubuntu1804-docker-8c-8g-3326 systemd-logind[1083]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jan  5 14:20:30 prd-ubuntu1804-docker-8c-8g-3326 systemd-logind[1083]: New seat seat0.
Jan  5 14:20:30 prd-ubuntu1804-docker-8c-8g-3326 sshd[1173]: Server listening on 0.0.0.0 port 22.
Jan  5 14:20:30 prd-ubuntu1804-docker-8c-8g-3326 sshd[1173]: Server listening on :: port 22.
Jan  5 14:20:33 prd-ubuntu1804-docker-8c-8g-3326 sshd[1474]: Did not receive identification string from 10.30.104.4 port 49846
Jan  5 14:20:39 prd-ubuntu1804-docker-8c-8g-3326 sshd[1501]: Invalid user jenkins from 10.30.104.4 port 49850
Jan  5 14:20:40 prd-ubuntu1804-docker-8c-8g-3326 sshd[1501]: Received disconnect from 10.30.104.4 port 49850:11: Closed due to user request. [preauth]
Jan  5 14:20:40 prd-ubuntu1804-docker-8c-8g-3326 sshd[1501]: Disconnected from invalid user jenkins 10.30.104.4 port 49850 [preauth]
Jan  5 14:20:42 prd-ubuntu1804-docker-8c-8g-3326 sshd[1505]: Invalid user jenkins from 10.30.104.4 port 49858
Jan  5 14:20:42 prd-ubuntu1804-docker-8c-8g-3326 sshd[1505]: Received disconnect from 10.30.104.4 port 49858:11: Closed due to user request. [preauth]
Jan  5 14:20:42 prd-ubuntu1804-docker-8c-8g-3326 sshd[1505]: Disconnected from invalid user jenkins 10.30.104.4 port 49858 [preauth]
Jan  5 14:20:44 prd-ubuntu1804-docker-8c-8g-3326 sshd[1507]: Invalid user jenkins from 10.30.104.4 port 49860
Jan  5 14:20:44 prd-ubuntu1804-docker-8c-8g-3326 sshd[1507]: Received disconnect from 10.30.104.4 port 49860:11: Closed due to user request. [preauth]
Jan  5 14:20:44 prd-ubuntu1804-docker-8c-8g-3326 sshd[1507]: Disconnected from invalid user jenkins 10.30.104.4 port 49860 [preauth]
Jan  5 14:20:46 prd-ubuntu1804-docker-8c-8g-3326 sshd[1509]: Invalid user jenkins from 10.30.104.4 port 49862
Jan  5 14:20:46 prd-ubuntu1804-docker-8c-8g-3326 sshd[1509]: Received disconnect from 10.30.104.4 port 49862:11: Closed due to user request. [preauth]
Jan  5 14:20:46 prd-ubuntu1804-docker-8c-8g-3326 sshd[1509]: Disconnected from invalid user jenkins 10.30.104.4 port 49862 [preauth]
Jan  5 14:20:48 prd-ubuntu1804-docker-8c-8g-3326 sshd[1725]: Invalid user jenkins from 10.30.104.4 port 49864
Jan  5 14:20:48 prd-ubuntu1804-docker-8c-8g-3326 sshd[1725]: Received disconnect from 10.30.104.4 port 49864:11: Closed due to user request. [preauth]
Jan  5 14:20:48 prd-ubuntu1804-docker-8c-8g-3326 sshd[1725]: Disconnected from invalid user jenkins 10.30.104.4 port 49864 [preauth]
Jan  5 14:20:50 prd-ubuntu1804-docker-8c-8g-3326 sshd[1775]: Invalid user jenkins from 10.30.104.4 port 49868
Jan  5 14:20:50 prd-ubuntu1804-docker-8c-8g-3326 sshd[1775]: Received disconnect from 10.30.104.4 port 49868:11: Closed due to user request. [preauth]
Jan  5 14:20:50 prd-ubuntu1804-docker-8c-8g-3326 sshd[1775]: Disconnected from invalid user jenkins 10.30.104.4 port 49868 [preauth]
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 sshd[1794]: Invalid user jenkins from 10.30.104.4 port 49870
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 useradd[1797]: new group: name=jenkins, GID=1001
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 useradd[1797]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 sshd[1794]: Received disconnect from 10.30.104.4 port 49870:11: Closed due to user request. [preauth]
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 sshd[1794]: Disconnected from invalid user jenkins 10.30.104.4 port 49870 [preauth]
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 usermod[1804]: add 'jenkins' to group 'docker'
Jan  5 14:20:52 prd-ubuntu1804-docker-8c-8g-3326 usermod[1804]: add 'jenkins' to shadow group 'docker'
Jan  5 14:20:55 prd-ubuntu1804-docker-8c-8g-3326 sshd[1865]: Accepted publickey for jenkins from 10.30.104.4 port 49872 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Jan  5 14:20:55 prd-ubuntu1804-docker-8c-8g-3326 sshd[1865]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Jan  5 14:20:55 prd-ubuntu1804-docker-8c-8g-3326 systemd-logind[1083]: New session 1 of user jenkins.
Jan  5 14:20:55 prd-ubuntu1804-docker-8c-8g-3326 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Jan  5 14:21:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[2102]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  5 14:21:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[2102]: pam_unix(cron:session): session closed for user root
Jan  5 14:22:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[2870]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  5 14:22:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[2870]: pam_unix(cron:session): session closed for user root
Jan  5 14:23:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[5815]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  5 14:23:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[5815]: pam_unix(cron:session): session closed for user root
Jan  5 14:24:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[9627]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  5 14:24:01 prd-ubuntu1804-docker-8c-8g-3326 CRON[9627]: pam_unix(cron:session): session closed for user root
Jan  5 14:24:26 prd-ubuntu1804-docker-8c-8g-3326 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jan  5 14:24:26 prd-ubuntu1804-docker-8c-8g-3326 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)