Dec 4 11:47:22 prd-ubuntu1804-docker-8c-8g-17675 passwd[997]: password for 'ubuntu' changed by 'root'
Dec 4 11:47:22 prd-ubuntu1804-docker-8c-8g-17675 systemd-logind[1094]: Watching system buttons on /dev/input/event0 (Power Button)
Dec 4 11:47:22 prd-ubuntu1804-docker-8c-8g-17675 systemd-logind[1094]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Dec 4 11:47:22 prd-ubuntu1804-docker-8c-8g-17675 systemd-logind[1094]: New seat seat0.
Dec 4 11:47:22 prd-ubuntu1804-docker-8c-8g-17675 sshd[1157]: Server listening on 0.0.0.0 port 22.
Dec 4 11:47:22 prd-ubuntu1804-docker-8c-8g-17675 sshd[1157]: Server listening on :: port 22.
Dec 4 11:47:24 prd-ubuntu1804-docker-8c-8g-17675 sshd[1426]: Did not receive identification string from 10.30.104.4 port 53046
Dec 4 11:47:33 prd-ubuntu1804-docker-8c-8g-17675 sshd[1479]: Invalid user jenkins from 10.30.104.4 port 53064
Dec 4 11:47:33 prd-ubuntu1804-docker-8c-8g-17675 sshd[1479]: Received disconnect from 10.30.104.4 port 53064:11: Closed due to user request. [preauth]
Dec 4 11:47:33 prd-ubuntu1804-docker-8c-8g-17675 sshd[1479]: Disconnected from invalid user jenkins 10.30.104.4 port 53064 [preauth]
Dec 4 11:47:36 prd-ubuntu1804-docker-8c-8g-17675 sshd[1483]: Invalid user jenkins from 10.30.104.4 port 53066
Dec 4 11:47:36 prd-ubuntu1804-docker-8c-8g-17675 sshd[1483]: Received disconnect from 10.30.104.4 port 53066:11: Closed due to user request. [preauth]
Dec 4 11:47:36 prd-ubuntu1804-docker-8c-8g-17675 sshd[1483]: Disconnected from invalid user jenkins 10.30.104.4 port 53066 [preauth]
Dec 4 11:47:38 prd-ubuntu1804-docker-8c-8g-17675 sshd[1485]: Invalid user jenkins from 10.30.104.4 port 53072
Dec 4 11:47:38 prd-ubuntu1804-docker-8c-8g-17675 sshd[1485]: Received disconnect from 10.30.104.4 port 53072:11: Closed due to user request. [preauth]
Dec 4 11:47:38 prd-ubuntu1804-docker-8c-8g-17675 sshd[1485]: Disconnected from invalid user jenkins 10.30.104.4 port 53072 [preauth]
Dec 4 11:47:40 prd-ubuntu1804-docker-8c-8g-17675 sshd[1587]: Invalid user jenkins from 10.30.104.4 port 53074
Dec 4 11:47:40 prd-ubuntu1804-docker-8c-8g-17675 sshd[1587]: Received disconnect from 10.30.104.4 port 53074:11: Closed due to user request. [preauth]
Dec 4 11:47:40 prd-ubuntu1804-docker-8c-8g-17675 sshd[1587]: Disconnected from invalid user jenkins 10.30.104.4 port 53074 [preauth]
Dec 4 11:47:42 prd-ubuntu1804-docker-8c-8g-17675 sshd[1731]: Invalid user jenkins from 10.30.104.4 port 53078
Dec 4 11:47:42 prd-ubuntu1804-docker-8c-8g-17675 sshd[1731]: Received disconnect from 10.30.104.4 port 53078:11: Closed due to user request. [preauth]
Dec 4 11:47:42 prd-ubuntu1804-docker-8c-8g-17675 sshd[1731]: Disconnected from invalid user jenkins 10.30.104.4 port 53078 [preauth]
Dec 4 11:47:44 prd-ubuntu1804-docker-8c-8g-17675 sshd[1753]: Invalid user jenkins from 10.30.104.4 port 53084
Dec 4 11:47:44 prd-ubuntu1804-docker-8c-8g-17675 sshd[1753]: Received disconnect from 10.30.104.4 port 53084:11: Closed due to user request. [preauth]
Dec 4 11:47:44 prd-ubuntu1804-docker-8c-8g-17675 sshd[1753]: Disconnected from invalid user jenkins 10.30.104.4 port 53084 [preauth]
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 useradd[1779]: new group: name=jenkins, GID=1001
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 useradd[1779]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 sshd[1780]: Invalid user jenkins from 10.30.104.4 port 53086
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 sshd[1780]: Received disconnect from 10.30.104.4 port 53086:11: Closed due to user request. [preauth]
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 sshd[1780]: Disconnected from invalid user jenkins 10.30.104.4 port 53086 [preauth]
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 usermod[1788]: add 'jenkins' to group 'docker'
Dec 4 11:47:46 prd-ubuntu1804-docker-8c-8g-17675 usermod[1788]: add 'jenkins' to shadow group 'docker'
Dec 4 11:47:48 prd-ubuntu1804-docker-8c-8g-17675 sshd[1849]: Accepted publickey for jenkins from 10.30.104.4 port 53088 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Dec 4 11:47:48 prd-ubuntu1804-docker-8c-8g-17675 sshd[1849]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Dec 4 11:47:48 prd-ubuntu1804-docker-8c-8g-17675 systemd-logind[1094]: New session 1 of user jenkins.
Dec 4 11:47:48 prd-ubuntu1804-docker-8c-8g-17675 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Dec 4 11:48:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[2421]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 11:48:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[2421]: pam_unix(cron:session): session closed for user root
Dec 4 11:49:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[2915]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 11:49:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[2915]: pam_unix(cron:session): session closed for user root
Dec 4 11:50:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[5698]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 11:50:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[5698]: pam_unix(cron:session): session closed for user root
Dec 4 11:51:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 11:51:01 prd-ubuntu1804-docker-8c-8g-17675 CRON[9508]: pam_unix(cron:session): session closed for user root
Dec 4 11:52:00 prd-ubuntu1804-docker-8c-8g-17675 sudo: jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Dec 4 11:52:00 prd-ubuntu1804-docker-8c-8g-17675 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)