Apr  2 13:29:06 prd-ubuntu1804-docker-8c-8g-3253 passwd[970]: password for 'ubuntu' changed by 'root'
Apr  2 13:29:06 prd-ubuntu1804-docker-8c-8g-3253 systemd-logind[1035]: Watching system buttons on /dev/input/event0 (Power Button)
Apr  2 13:29:06 prd-ubuntu1804-docker-8c-8g-3253 systemd-logind[1035]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Apr  2 13:29:06 prd-ubuntu1804-docker-8c-8g-3253 systemd-logind[1035]: New seat seat0.
Apr  2 13:29:07 prd-ubuntu1804-docker-8c-8g-3253 sshd[1114]: Server listening on 0.0.0.0 port 22.
Apr  2 13:29:07 prd-ubuntu1804-docker-8c-8g-3253 sshd[1114]: Server listening on :: port 22.
Apr  2 13:29:09 prd-ubuntu1804-docker-8c-8g-3253 sshd[1386]: Did not receive identification string from 10.30.104.4 port 48438
Apr  2 13:29:18 prd-ubuntu1804-docker-8c-8g-3253 sshd[1412]: Invalid user jenkins from 10.30.104.4 port 48494
Apr  2 13:29:18 prd-ubuntu1804-docker-8c-8g-3253 sshd[1412]: Received disconnect from 10.30.104.4 port 48494:11: Closed due to user request. [preauth]
Apr  2 13:29:18 prd-ubuntu1804-docker-8c-8g-3253 sshd[1412]: Disconnected from invalid user jenkins 10.30.104.4 port 48494 [preauth]
Apr  2 13:29:20 prd-ubuntu1804-docker-8c-8g-3253 sshd[1416]: Invalid user jenkins from 10.30.104.4 port 48532
Apr  2 13:29:20 prd-ubuntu1804-docker-8c-8g-3253 sshd[1416]: Received disconnect from 10.30.104.4 port 48532:11: Closed due to user request. [preauth]
Apr  2 13:29:20 prd-ubuntu1804-docker-8c-8g-3253 sshd[1416]: Disconnected from invalid user jenkins 10.30.104.4 port 48532 [preauth]
Apr  2 13:29:23 prd-ubuntu1804-docker-8c-8g-3253 sshd[1418]: Invalid user jenkins from 10.30.104.4 port 48572
Apr  2 13:29:23 prd-ubuntu1804-docker-8c-8g-3253 sshd[1418]: Received disconnect from 10.30.104.4 port 48572:11: Closed due to user request. [preauth]
Apr  2 13:29:23 prd-ubuntu1804-docker-8c-8g-3253 sshd[1418]: Disconnected from invalid user jenkins 10.30.104.4 port 48572 [preauth]
Apr  2 13:29:25 prd-ubuntu1804-docker-8c-8g-3253 sshd[1618]: Invalid user jenkins from 10.30.104.4 port 48578
Apr  2 13:29:25 prd-ubuntu1804-docker-8c-8g-3253 sshd[1618]: Received disconnect from 10.30.104.4 port 48578:11: Closed due to user request. [preauth]
Apr  2 13:29:25 prd-ubuntu1804-docker-8c-8g-3253 sshd[1618]: Disconnected from invalid user jenkins 10.30.104.4 port 48578 [preauth]
Apr  2 13:29:27 prd-ubuntu1804-docker-8c-8g-3253 sshd[1683]: Invalid user jenkins from 10.30.104.4 port 48582
Apr  2 13:29:27 prd-ubuntu1804-docker-8c-8g-3253 sshd[1683]: Received disconnect from 10.30.104.4 port 48582:11: Closed due to user request. [preauth]
Apr  2 13:29:27 prd-ubuntu1804-docker-8c-8g-3253 sshd[1683]: Disconnected from invalid user jenkins 10.30.104.4 port 48582 [preauth]
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 useradd[1693]: new group: name=jenkins, GID=1001
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 useradd[1693]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 usermod[1700]: add 'jenkins' to group 'docker'
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 usermod[1700]: add 'jenkins' to shadow group 'docker'
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 sshd[1721]: Accepted publickey for jenkins from 10.30.104.4 port 48600 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 sshd[1721]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 systemd-logind[1035]: New session 1 of user jenkins.
Apr  2 13:29:29 prd-ubuntu1804-docker-8c-8g-3253 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Apr  2 13:30:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[2339]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 13:30:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[2339]: pam_unix(cron:session): session closed for user root
Apr  2 13:31:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[3964]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 13:31:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[3964]: pam_unix(cron:session): session closed for user root
Apr  2 13:32:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[8739]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 13:32:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[8739]: pam_unix(cron:session): session closed for user root
Apr  2 13:33:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[9817]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 13:33:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[9817]: pam_unix(cron:session): session closed for user root
Apr  2 13:34:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[10073]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 13:34:01 prd-ubuntu1804-docker-8c-8g-3253 CRON[10073]: pam_unix(cron:session): session closed for user root
Apr  2 13:34:23 prd-ubuntu1804-docker-8c-8g-3253 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Apr  2 13:34:23 prd-ubuntu1804-docker-8c-8g-3253 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)