Feb  8 10:25:11 prd-ubuntu1804-docker-8c-8g-6205 passwd[1003]: password for 'ubuntu' changed by 'root'
Feb  8 10:25:11 prd-ubuntu1804-docker-8c-8g-6205 systemd-logind[1069]: Watching system buttons on /dev/input/event0 (Power Button)
Feb  8 10:25:11 prd-ubuntu1804-docker-8c-8g-6205 systemd-logind[1069]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Feb  8 10:25:11 prd-ubuntu1804-docker-8c-8g-6205 systemd-logind[1069]: New seat seat0.
Feb  8 10:25:11 prd-ubuntu1804-docker-8c-8g-6205 sshd[1113]: Server listening on 0.0.0.0 port 22.
Feb  8 10:25:11 prd-ubuntu1804-docker-8c-8g-6205 sshd[1113]: Server listening on :: port 22.
Feb  8 10:25:14 prd-ubuntu1804-docker-8c-8g-6205 sshd[1445]: Did not receive identification string from 10.30.104.4 port 44240
Feb  8 10:25:22 prd-ubuntu1804-docker-8c-8g-6205 sshd[1471]: Invalid user jenkins from 10.30.104.4 port 44262
Feb  8 10:25:22 prd-ubuntu1804-docker-8c-8g-6205 sshd[1471]: Received disconnect from 10.30.104.4 port 44262:11: Closed due to user request. [preauth]
Feb  8 10:25:22 prd-ubuntu1804-docker-8c-8g-6205 sshd[1471]: Disconnected from invalid user jenkins 10.30.104.4 port 44262 [preauth]
Feb  8 10:25:24 prd-ubuntu1804-docker-8c-8g-6205 sshd[1475]: Invalid user jenkins from 10.30.104.4 port 44272
Feb  8 10:25:24 prd-ubuntu1804-docker-8c-8g-6205 sshd[1475]: Received disconnect from 10.30.104.4 port 44272:11: Closed due to user request. [preauth]
Feb  8 10:25:24 prd-ubuntu1804-docker-8c-8g-6205 sshd[1475]: Disconnected from invalid user jenkins 10.30.104.4 port 44272 [preauth]
Feb  8 10:25:27 prd-ubuntu1804-docker-8c-8g-6205 sshd[1477]: Invalid user jenkins from 10.30.104.4 port 44280
Feb  8 10:25:27 prd-ubuntu1804-docker-8c-8g-6205 sshd[1477]: Received disconnect from 10.30.104.4 port 44280:11: Closed due to user request. [preauth]
Feb  8 10:25:27 prd-ubuntu1804-docker-8c-8g-6205 sshd[1477]: Disconnected from invalid user jenkins 10.30.104.4 port 44280 [preauth]
Feb  8 10:25:29 prd-ubuntu1804-docker-8c-8g-6205 sshd[1507]: Invalid user jenkins from 10.30.104.4 port 44288
Feb  8 10:25:29 prd-ubuntu1804-docker-8c-8g-6205 sshd[1507]: Received disconnect from 10.30.104.4 port 44288:11: Closed due to user request. [preauth]
Feb  8 10:25:29 prd-ubuntu1804-docker-8c-8g-6205 sshd[1507]: Disconnected from invalid user jenkins 10.30.104.4 port 44288 [preauth]
Feb  8 10:25:31 prd-ubuntu1804-docker-8c-8g-6205 sshd[1719]: Invalid user jenkins from 10.30.104.4 port 44300
Feb  8 10:25:31 prd-ubuntu1804-docker-8c-8g-6205 sshd[1719]: Received disconnect from 10.30.104.4 port 44300:11: Closed due to user request. [preauth]
Feb  8 10:25:31 prd-ubuntu1804-docker-8c-8g-6205 sshd[1719]: Disconnected from invalid user jenkins 10.30.104.4 port 44300 [preauth]
Feb  8 10:25:33 prd-ubuntu1804-docker-8c-8g-6205 sshd[1742]: Invalid user jenkins from 10.30.104.4 port 44312
Feb  8 10:25:33 prd-ubuntu1804-docker-8c-8g-6205 sshd[1742]: Received disconnect from 10.30.104.4 port 44312:11: Closed due to user request. [preauth]
Feb  8 10:25:33 prd-ubuntu1804-docker-8c-8g-6205 sshd[1742]: Disconnected from invalid user jenkins 10.30.104.4 port 44312 [preauth]
Feb  8 10:25:34 prd-ubuntu1804-docker-8c-8g-6205 useradd[1762]: new group: name=jenkins, GID=1001
Feb  8 10:25:34 prd-ubuntu1804-docker-8c-8g-6205 useradd[1762]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Feb  8 10:25:34 prd-ubuntu1804-docker-8c-8g-6205 usermod[1769]: add 'jenkins' to group 'docker'
Feb  8 10:25:34 prd-ubuntu1804-docker-8c-8g-6205 usermod[1769]: add 'jenkins' to shadow group 'docker'
Feb  8 10:25:35 prd-ubuntu1804-docker-8c-8g-6205 sshd[1818]: Accepted publickey for jenkins from 10.30.104.4 port 44318 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Feb  8 10:25:35 prd-ubuntu1804-docker-8c-8g-6205 sshd[1818]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Feb  8 10:25:35 prd-ubuntu1804-docker-8c-8g-6205 systemd-logind[1069]: New session 1 of user jenkins.
Feb  8 10:25:35 prd-ubuntu1804-docker-8c-8g-6205 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Feb  8 10:26:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[2397]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 10:26:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[2397]: pam_unix(cron:session): session closed for user root
Feb  8 10:27:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[3309]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 10:27:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[3309]: pam_unix(cron:session): session closed for user root
Feb  8 10:28:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[7652]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 10:28:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[7652]: pam_unix(cron:session): session closed for user root
Feb  8 10:29:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[9752]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 10:29:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[9752]: pam_unix(cron:session): session closed for user root
Feb  8 10:30:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[10019]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 10:30:01 prd-ubuntu1804-docker-8c-8g-6205 CRON[10019]: pam_unix(cron:session): session closed for user root
Feb  8 10:30:40 prd-ubuntu1804-docker-8c-8g-6205 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp