Apr  2 07:45:28 prd-ubuntu1804-docker-8c-8g-2979 passwd[1008]: password for 'ubuntu' changed by 'root'
Apr  2 07:45:28 prd-ubuntu1804-docker-8c-8g-2979 systemd-logind[1106]: Watching system buttons on /dev/input/event0 (Power Button)
Apr  2 07:45:28 prd-ubuntu1804-docker-8c-8g-2979 systemd-logind[1106]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Apr  2 07:45:28 prd-ubuntu1804-docker-8c-8g-2979 systemd-logind[1106]: New seat seat0.
Apr  2 07:45:28 prd-ubuntu1804-docker-8c-8g-2979 sshd[1142]: Server listening on 0.0.0.0 port 22.
Apr  2 07:45:28 prd-ubuntu1804-docker-8c-8g-2979 sshd[1142]: Server listening on :: port 22.
Apr  2 07:45:30 prd-ubuntu1804-docker-8c-8g-2979 sshd[1410]: Did not receive identification string from 10.30.104.4 port 56714
Apr  2 07:45:38 prd-ubuntu1804-docker-8c-8g-2979 sshd[1441]: Invalid user jenkins from 10.30.104.4 port 56758
Apr  2 07:45:38 prd-ubuntu1804-docker-8c-8g-2979 sshd[1441]: Received disconnect from 10.30.104.4 port 56758:11: Closed due to user request. [preauth]
Apr  2 07:45:38 prd-ubuntu1804-docker-8c-8g-2979 sshd[1441]: Disconnected from invalid user jenkins 10.30.104.4 port 56758 [preauth]
Apr  2 07:45:40 prd-ubuntu1804-docker-8c-8g-2979 sshd[1445]: Invalid user jenkins from 10.30.104.4 port 56770
Apr  2 07:45:40 prd-ubuntu1804-docker-8c-8g-2979 sshd[1445]: Received disconnect from 10.30.104.4 port 56770:11: Closed due to user request. [preauth]
Apr  2 07:45:40 prd-ubuntu1804-docker-8c-8g-2979 sshd[1445]: Disconnected from invalid user jenkins 10.30.104.4 port 56770 [preauth]
Apr  2 07:45:42 prd-ubuntu1804-docker-8c-8g-2979 sshd[1447]: Invalid user jenkins from 10.30.104.4 port 56776
Apr  2 07:45:42 prd-ubuntu1804-docker-8c-8g-2979 sshd[1447]: Received disconnect from 10.30.104.4 port 56776:11: Closed due to user request. [preauth]
Apr  2 07:45:42 prd-ubuntu1804-docker-8c-8g-2979 sshd[1447]: Disconnected from invalid user jenkins 10.30.104.4 port 56776 [preauth]
Apr  2 07:45:45 prd-ubuntu1804-docker-8c-8g-2979 sshd[1449]: Invalid user jenkins from 10.30.104.4 port 56788
Apr  2 07:45:45 prd-ubuntu1804-docker-8c-8g-2979 sshd[1449]: Received disconnect from 10.30.104.4 port 56788:11: Closed due to user request. [preauth]
Apr  2 07:45:45 prd-ubuntu1804-docker-8c-8g-2979 sshd[1449]: Disconnected from invalid user jenkins 10.30.104.4 port 56788 [preauth]
Apr  2 07:45:47 prd-ubuntu1804-docker-8c-8g-2979 sshd[1675]: Invalid user jenkins from 10.30.104.4 port 56800
Apr  2 07:45:47 prd-ubuntu1804-docker-8c-8g-2979 sshd[1675]: Received disconnect from 10.30.104.4 port 56800:11: Closed due to user request. [preauth]
Apr  2 07:45:47 prd-ubuntu1804-docker-8c-8g-2979 sshd[1675]: Disconnected from invalid user jenkins 10.30.104.4 port 56800 [preauth]
Apr  2 07:45:49 prd-ubuntu1804-docker-8c-8g-2979 sshd[1715]: Invalid user jenkins from 10.30.104.4 port 56818
Apr  2 07:45:49 prd-ubuntu1804-docker-8c-8g-2979 sshd[1715]: Received disconnect from 10.30.104.4 port 56818:11: Closed due to user request. [preauth]
Apr  2 07:45:49 prd-ubuntu1804-docker-8c-8g-2979 sshd[1715]: Disconnected from invalid user jenkins 10.30.104.4 port 56818 [preauth]
Apr  2 07:45:50 prd-ubuntu1804-docker-8c-8g-2979 useradd[1722]: new group: name=jenkins, GID=1001
Apr  2 07:45:50 prd-ubuntu1804-docker-8c-8g-2979 useradd[1722]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Apr  2 07:45:50 prd-ubuntu1804-docker-8c-8g-2979 usermod[1729]: add 'jenkins' to group 'docker'
Apr  2 07:45:50 prd-ubuntu1804-docker-8c-8g-2979 usermod[1729]: add 'jenkins' to shadow group 'docker'
Apr  2 07:45:51 prd-ubuntu1804-docker-8c-8g-2979 sshd[1796]: Accepted publickey for jenkins from 10.30.104.4 port 56832 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Apr  2 07:45:51 prd-ubuntu1804-docker-8c-8g-2979 sshd[1796]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Apr  2 07:45:51 prd-ubuntu1804-docker-8c-8g-2979 systemd-logind[1106]: New session 1 of user jenkins.
Apr  2 07:45:51 prd-ubuntu1804-docker-8c-8g-2979 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Apr  2 07:46:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[2113]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 07:46:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[2113]: pam_unix(cron:session): session closed for user root
Apr  2 07:47:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[2966]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 07:47:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[2966]: pam_unix(cron:session): session closed for user root
Apr  2 07:48:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[5922]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 07:48:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[5922]: pam_unix(cron:session): session closed for user root
Apr  2 07:49:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[9771]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 07:49:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[9771]: pam_unix(cron:session): session closed for user root
Apr  2 07:50:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[9960]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 07:50:01 prd-ubuntu1804-docker-8c-8g-2979 CRON[9960]: pam_unix(cron:session): session closed for user root
Apr  2 07:50:48 prd-ubuntu1804-docker-8c-8g-2979 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp