Feb 9 11:27:41 prd-ubuntu1804-docker-8c-8g-6426 passwd[1014]: password for 'ubuntu' changed by 'root'
Feb 9 11:27:41 prd-ubuntu1804-docker-8c-8g-6426 systemd-logind[1087]: Watching system buttons on /dev/input/event0 (Power Button)
Feb 9 11:27:41 prd-ubuntu1804-docker-8c-8g-6426 systemd-logind[1087]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Feb 9 11:27:41 prd-ubuntu1804-docker-8c-8g-6426 systemd-logind[1087]: New seat seat0.
Feb 9 11:27:41 prd-ubuntu1804-docker-8c-8g-6426 sshd[1189]: Server listening on 0.0.0.0 port 22.
Feb 9 11:27:41 prd-ubuntu1804-docker-8c-8g-6426 sshd[1189]: Server listening on :: port 22.
Feb 9 11:27:43 prd-ubuntu1804-docker-8c-8g-6426 sshd[1464]: Did not receive identification string from 10.30.104.4 port 50606
Feb 9 11:27:52 prd-ubuntu1804-docker-8c-8g-6426 sshd[1489]: Invalid user jenkins from 10.30.104.4 port 50638
Feb 9 11:27:52 prd-ubuntu1804-docker-8c-8g-6426 sshd[1489]: Received disconnect from 10.30.104.4 port 50638:11: Closed due to user request. [preauth]
Feb 9 11:27:52 prd-ubuntu1804-docker-8c-8g-6426 sshd[1489]: Disconnected from invalid user jenkins 10.30.104.4 port 50638 [preauth]
Feb 9 11:27:54 prd-ubuntu1804-docker-8c-8g-6426 sshd[1493]: Invalid user jenkins from 10.30.104.4 port 50654
Feb 9 11:27:54 prd-ubuntu1804-docker-8c-8g-6426 sshd[1493]: Received disconnect from 10.30.104.4 port 50654:11: Closed due to user request. [preauth]
Feb 9 11:27:54 prd-ubuntu1804-docker-8c-8g-6426 sshd[1493]: Disconnected from invalid user jenkins 10.30.104.4 port 50654 [preauth]
Feb 9 11:27:56 prd-ubuntu1804-docker-8c-8g-6426 sshd[1495]: Invalid user jenkins from 10.30.104.4 port 50664
Feb 9 11:27:56 prd-ubuntu1804-docker-8c-8g-6426 sshd[1495]: Received disconnect from 10.30.104.4 port 50664:11: Closed due to user request. [preauth]
Feb 9 11:27:56 prd-ubuntu1804-docker-8c-8g-6426 sshd[1495]: Disconnected from invalid user jenkins 10.30.104.4 port 50664 [preauth]
Feb 9 11:27:58 prd-ubuntu1804-docker-8c-8g-6426 sshd[1536]: Invalid user jenkins from 10.30.104.4 port 50680
Feb 9 11:27:58 prd-ubuntu1804-docker-8c-8g-6426 sshd[1536]: Received disconnect from 10.30.104.4 port 50680:11: Closed due to user request. [preauth]
Feb 9 11:27:58 prd-ubuntu1804-docker-8c-8g-6426 sshd[1536]: Disconnected from invalid user jenkins 10.30.104.4 port 50680 [preauth]
Feb 9 11:28:00 prd-ubuntu1804-docker-8c-8g-6426 sshd[1720]: Invalid user jenkins from 10.30.104.4 port 50690
Feb 9 11:28:00 prd-ubuntu1804-docker-8c-8g-6426 sshd[1720]: Received disconnect from 10.30.104.4 port 50690:11: Closed due to user request. [preauth]
Feb 9 11:28:00 prd-ubuntu1804-docker-8c-8g-6426 sshd[1720]: Disconnected from invalid user jenkins 10.30.104.4 port 50690 [preauth]
Feb 9 11:28:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[1742]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 9 11:28:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[1742]: pam_unix(cron:session): session closed for user root
Feb 9 11:28:03 prd-ubuntu1804-docker-8c-8g-6426 sshd[1769]: Invalid user jenkins from 10.30.104.4 port 50710
Feb 9 11:28:03 prd-ubuntu1804-docker-8c-8g-6426 sshd[1769]: Received disconnect from 10.30.104.4 port 50710:11: Closed due to user request. [preauth]
Feb 9 11:28:03 prd-ubuntu1804-docker-8c-8g-6426 sshd[1769]: Disconnected from invalid user jenkins 10.30.104.4 port 50710 [preauth]
Feb 9 11:28:05 prd-ubuntu1804-docker-8c-8g-6426 sshd[1771]: Invalid user jenkins from 10.30.104.4 port 50726
Feb 9 11:28:05 prd-ubuntu1804-docker-8c-8g-6426 sshd[1771]: Received disconnect from 10.30.104.4 port 50726:11: Closed due to user request. [preauth]
Feb 9 11:28:05 prd-ubuntu1804-docker-8c-8g-6426 sshd[1771]: Disconnected from invalid user jenkins 10.30.104.4 port 50726 [preauth]
Feb 9 11:28:07 prd-ubuntu1804-docker-8c-8g-6426 sshd[1781]: Invalid user jenkins from 10.30.104.4 port 50742
Feb 9 11:28:07 prd-ubuntu1804-docker-8c-8g-6426 sshd[1781]: Received disconnect from 10.30.104.4 port 50742:11: Closed due to user request. [preauth]
Feb 9 11:28:07 prd-ubuntu1804-docker-8c-8g-6426 sshd[1781]: Disconnected from invalid user jenkins 10.30.104.4 port 50742 [preauth]
Feb 9 11:28:08 prd-ubuntu1804-docker-8c-8g-6426 useradd[1801]: new group: name=jenkins, GID=1001
Feb 9 11:28:08 prd-ubuntu1804-docker-8c-8g-6426 useradd[1801]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Feb 9 11:28:08 prd-ubuntu1804-docker-8c-8g-6426 usermod[1808]: add 'jenkins' to group 'docker'
Feb 9 11:28:08 prd-ubuntu1804-docker-8c-8g-6426 usermod[1808]: add 'jenkins' to shadow group 'docker'
Feb 9 11:28:09 prd-ubuntu1804-docker-8c-8g-6426 sshd[1869]: Accepted publickey for jenkins from 10.30.104.4 port 50756 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Feb 9 11:28:09 prd-ubuntu1804-docker-8c-8g-6426 sshd[1869]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Feb 9 11:28:09 prd-ubuntu1804-docker-8c-8g-6426 systemd-logind[1087]: New session 2 of user jenkins.
Feb 9 11:28:09 prd-ubuntu1804-docker-8c-8g-6426 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Feb 9 11:29:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[2458]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 9 11:29:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[2458]: pam_unix(cron:session): session closed for user root
Feb 9 11:30:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[5407]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 9 11:30:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[5407]: pam_unix(cron:session): session closed for user root
Feb 9 11:31:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[6166]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 9 11:31:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[6166]: pam_unix(cron:session): session closed for user root
Feb 9 11:32:02 prd-ubuntu1804-docker-8c-8g-6426 CRON[9337]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 9 11:32:02 prd-ubuntu1804-docker-8c-8g-6426 CRON[9337]: pam_unix(cron:session): session closed for user root
Feb 9 11:33:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[10102]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 9 11:33:01 prd-ubuntu1804-docker-8c-8g-6426 CRON[10102]: pam_unix(cron:session): session closed for user root
Feb 9 11:33:09 prd-ubuntu1804-docker-8c-8g-6426 sudo: jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Feb 9 11:33:09 prd-ubuntu1804-docker-8c-8g-6426 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)