Dec 4 14:57:25 prd-ubuntu1804-docker-8c-8g-17745 passwd[1002]: password for 'ubuntu' changed by 'root'
Dec 4 14:57:25 prd-ubuntu1804-docker-8c-8g-17745 systemd-logind[1114]: Watching system buttons on /dev/input/event0 (Power Button)
Dec 4 14:57:25 prd-ubuntu1804-docker-8c-8g-17745 systemd-logind[1114]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Dec 4 14:57:25 prd-ubuntu1804-docker-8c-8g-17745 systemd-logind[1114]: New seat seat0.
Dec 4 14:57:25 prd-ubuntu1804-docker-8c-8g-17745 sshd[1157]: Server listening on 0.0.0.0 port 22.
Dec 4 14:57:25 prd-ubuntu1804-docker-8c-8g-17745 sshd[1157]: Server listening on :: port 22.
Dec 4 14:57:28 prd-ubuntu1804-docker-8c-8g-17745 sshd[1406]: Did not receive identification string from 10.30.104.4 port 49582
Dec 4 14:57:33 prd-ubuntu1804-docker-8c-8g-17745 sshd[1433]: Invalid user jenkins from 10.30.104.4 port 49586
Dec 4 14:57:33 prd-ubuntu1804-docker-8c-8g-17745 sshd[1433]: Received disconnect from 10.30.104.4 port 49586:11: Closed due to user request. [preauth]
Dec 4 14:57:33 prd-ubuntu1804-docker-8c-8g-17745 sshd[1433]: Disconnected from invalid user jenkins 10.30.104.4 port 49586 [preauth]
Dec 4 14:57:35 prd-ubuntu1804-docker-8c-8g-17745 sshd[1437]: Invalid user jenkins from 10.30.104.4 port 49592
Dec 4 14:57:36 prd-ubuntu1804-docker-8c-8g-17745 sshd[1437]: Received disconnect from 10.30.104.4 port 49592:11: Closed due to user request. [preauth]
Dec 4 14:57:36 prd-ubuntu1804-docker-8c-8g-17745 sshd[1437]: Disconnected from invalid user jenkins 10.30.104.4 port 49592 [preauth]
Dec 4 14:57:38 prd-ubuntu1804-docker-8c-8g-17745 sshd[1439]: Invalid user jenkins from 10.30.104.4 port 49598
Dec 4 14:57:38 prd-ubuntu1804-docker-8c-8g-17745 sshd[1439]: Received disconnect from 10.30.104.4 port 49598:11: Closed due to user request. [preauth]
Dec 4 14:57:38 prd-ubuntu1804-docker-8c-8g-17745 sshd[1439]: Disconnected from invalid user jenkins 10.30.104.4 port 49598 [preauth]
Dec 4 14:57:40 prd-ubuntu1804-docker-8c-8g-17745 sshd[1441]: Invalid user jenkins from 10.30.104.4 port 49604
Dec 4 14:57:40 prd-ubuntu1804-docker-8c-8g-17745 sshd[1441]: Received disconnect from 10.30.104.4 port 49604:11: Closed due to user request. [preauth]
Dec 4 14:57:40 prd-ubuntu1804-docker-8c-8g-17745 sshd[1441]: Disconnected from invalid user jenkins 10.30.104.4 port 49604 [preauth]
Dec 4 14:57:42 prd-ubuntu1804-docker-8c-8g-17745 sshd[1443]: Invalid user jenkins from 10.30.104.4 port 49612
Dec 4 14:57:42 prd-ubuntu1804-docker-8c-8g-17745 sshd[1443]: Received disconnect from 10.30.104.4 port 49612:11: Closed due to user request. [preauth]
Dec 4 14:57:42 prd-ubuntu1804-docker-8c-8g-17745 sshd[1443]: Disconnected from invalid user jenkins 10.30.104.4 port 49612 [preauth]
Dec 4 14:57:44 prd-ubuntu1804-docker-8c-8g-17745 sshd[1643]: Invalid user jenkins from 10.30.104.4 port 49618
Dec 4 14:57:44 prd-ubuntu1804-docker-8c-8g-17745 sshd[1643]: Received disconnect from 10.30.104.4 port 49618:11: Closed due to user request. [preauth]
Dec 4 14:57:44 prd-ubuntu1804-docker-8c-8g-17745 sshd[1643]: Disconnected from invalid user jenkins 10.30.104.4 port 49618 [preauth]
Dec 4 14:57:46 prd-ubuntu1804-docker-8c-8g-17745 sshd[1695]: Invalid user jenkins from 10.30.104.4 port 49624
Dec 4 14:57:46 prd-ubuntu1804-docker-8c-8g-17745 sshd[1695]: Received disconnect from 10.30.104.4 port 49624:11: Closed due to user request. [preauth]
Dec 4 14:57:46 prd-ubuntu1804-docker-8c-8g-17745 sshd[1695]: Disconnected from invalid user jenkins 10.30.104.4 port 49624 [preauth]
Dec 4 14:57:48 prd-ubuntu1804-docker-8c-8g-17745 sshd[1704]: Invalid user jenkins from 10.30.104.4 port 49630
Dec 4 14:57:48 prd-ubuntu1804-docker-8c-8g-17745 sshd[1704]: Received disconnect from 10.30.104.4 port 49630:11: Closed due to user request. [preauth]
Dec 4 14:57:48 prd-ubuntu1804-docker-8c-8g-17745 sshd[1704]: Disconnected from invalid user jenkins 10.30.104.4 port 49630 [preauth]
Dec 4 14:57:50 prd-ubuntu1804-docker-8c-8g-17745 useradd[1730]: new group: name=jenkins, GID=1001
Dec 4 14:57:50 prd-ubuntu1804-docker-8c-8g-17745 useradd[1730]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Dec 4 14:57:50 prd-ubuntu1804-docker-8c-8g-17745 usermod[1737]: add 'jenkins' to group 'docker'
Dec 4 14:57:50 prd-ubuntu1804-docker-8c-8g-17745 usermod[1737]: add 'jenkins' to shadow group 'docker'
Dec 4 14:57:51 prd-ubuntu1804-docker-8c-8g-17745 sshd[1767]: Accepted publickey for jenkins from 10.30.104.4 port 49634 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Dec 4 14:57:51 prd-ubuntu1804-docker-8c-8g-17745 sshd[1767]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Dec 4 14:57:51 prd-ubuntu1804-docker-8c-8g-17745 systemd-logind[1114]: New session 1 of user jenkins.
Dec 4 14:57:51 prd-ubuntu1804-docker-8c-8g-17745 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Dec 4 14:58:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[2356]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 14:58:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[2356]: pam_unix(cron:session): session closed for user root
Dec 4 14:59:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[2898]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 14:59:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[2898]: pam_unix(cron:session): session closed for user root
Dec 4 15:00:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[5659]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 15:00:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[5659]: pam_unix(cron:session): session closed for user root
Dec 4 15:01:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[9205]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 4 15:01:01 prd-ubuntu1804-docker-8c-8g-17745 CRON[9205]: pam_unix(cron:session): session closed for user root
Dec 4 15:01:37 prd-ubuntu1804-docker-8c-8g-17745 sudo: jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Dec 4 15:01:37 prd-ubuntu1804-docker-8c-8g-17745 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)