Jan 26 11:27:53 prd-ubuntu1804-docker-8c-8g-3074 passwd[986]: password for 'ubuntu' changed by 'root'
Jan 26 11:27:53 prd-ubuntu1804-docker-8c-8g-3074 systemd-logind[1021]: Watching system buttons on /dev/input/event0 (Power Button)
Jan 26 11:27:53 prd-ubuntu1804-docker-8c-8g-3074 systemd-logind[1021]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jan 26 11:27:53 prd-ubuntu1804-docker-8c-8g-3074 systemd-logind[1021]: New seat seat0.
Jan 26 11:27:53 prd-ubuntu1804-docker-8c-8g-3074 sshd[1114]: Server listening on 0.0.0.0 port 22.
Jan 26 11:27:53 prd-ubuntu1804-docker-8c-8g-3074 sshd[1114]: Server listening on :: port 22.
Jan 26 11:27:55 prd-ubuntu1804-docker-8c-8g-3074 sshd[1448]: Did not receive identification string from 10.30.104.4 port 42858
Jan 26 11:28:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[1482]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:28:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[1482]: pam_unix(cron:session): session closed for user root
Jan 26 11:28:02 prd-ubuntu1804-docker-8c-8g-3074 sshd[1491]: Invalid user jenkins from 10.30.104.4 port 42892
Jan 26 11:28:02 prd-ubuntu1804-docker-8c-8g-3074 sshd[1491]: Received disconnect from 10.30.104.4 port 42892:11: Closed due to user request. [preauth]
Jan 26 11:28:02 prd-ubuntu1804-docker-8c-8g-3074 sshd[1491]: Disconnected from invalid user jenkins 10.30.104.4 port 42892 [preauth]
Jan 26 11:28:04 prd-ubuntu1804-docker-8c-8g-3074 sshd[1495]: Invalid user jenkins from 10.30.104.4 port 42904
Jan 26 11:28:04 prd-ubuntu1804-docker-8c-8g-3074 sshd[1495]: Received disconnect from 10.30.104.4 port 42904:11: Closed due to user request. [preauth]
Jan 26 11:28:04 prd-ubuntu1804-docker-8c-8g-3074 sshd[1495]: Disconnected from invalid user jenkins 10.30.104.4 port 42904 [preauth]
Jan 26 11:28:06 prd-ubuntu1804-docker-8c-8g-3074 sshd[1497]: Invalid user jenkins from 10.30.104.4 port 42920
Jan 26 11:28:06 prd-ubuntu1804-docker-8c-8g-3074 sshd[1497]: Received disconnect from 10.30.104.4 port 42920:11: Closed due to user request. [preauth]
Jan 26 11:28:06 prd-ubuntu1804-docker-8c-8g-3074 sshd[1497]: Disconnected from invalid user jenkins 10.30.104.4 port 42920 [preauth]
Jan 26 11:28:08 prd-ubuntu1804-docker-8c-8g-3074 sshd[1499]: Invalid user jenkins from 10.30.104.4 port 42932
Jan 26 11:28:08 prd-ubuntu1804-docker-8c-8g-3074 sshd[1499]: Received disconnect from 10.30.104.4 port 42932:11: Closed due to user request. [preauth]
Jan 26 11:28:08 prd-ubuntu1804-docker-8c-8g-3074 sshd[1499]: Disconnected from invalid user jenkins 10.30.104.4 port 42932 [preauth]
Jan 26 11:28:11 prd-ubuntu1804-docker-8c-8g-3074 sshd[1576]: Invalid user jenkins from 10.30.104.4 port 42940
Jan 26 11:28:11 prd-ubuntu1804-docker-8c-8g-3074 sshd[1576]: Received disconnect from 10.30.104.4 port 42940:11: Closed due to user request. [preauth]
Jan 26 11:28:11 prd-ubuntu1804-docker-8c-8g-3074 sshd[1576]: Disconnected from invalid user jenkins 10.30.104.4 port 42940 [preauth]
Jan 26 11:28:13 prd-ubuntu1804-docker-8c-8g-3074 sshd[1743]: Invalid user jenkins from 10.30.104.4 port 42956
Jan 26 11:28:13 prd-ubuntu1804-docker-8c-8g-3074 sshd[1743]: Received disconnect from 10.30.104.4 port 42956:11: Closed due to user request. [preauth]
Jan 26 11:28:13 prd-ubuntu1804-docker-8c-8g-3074 sshd[1743]: Disconnected from invalid user jenkins 10.30.104.4 port 42956 [preauth]
Jan 26 11:28:15 prd-ubuntu1804-docker-8c-8g-3074 sshd[1767]: Invalid user jenkins from 10.30.104.4 port 42972
Jan 26 11:28:15 prd-ubuntu1804-docker-8c-8g-3074 sshd[1767]: Received disconnect from 10.30.104.4 port 42972:11: Closed due to user request. [preauth]
Jan 26 11:28:15 prd-ubuntu1804-docker-8c-8g-3074 sshd[1767]: Disconnected from invalid user jenkins 10.30.104.4 port 42972 [preauth]
Jan 26 11:28:17 prd-ubuntu1804-docker-8c-8g-3074 sshd[1769]: Invalid user jenkins from 10.30.104.4 port 42986
Jan 26 11:28:17 prd-ubuntu1804-docker-8c-8g-3074 sshd[1769]: Received disconnect from 10.30.104.4 port 42986:11: Closed due to user request. [preauth]
Jan 26 11:28:17 prd-ubuntu1804-docker-8c-8g-3074 sshd[1769]: Disconnected from invalid user jenkins 10.30.104.4 port 42986 [preauth]
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 useradd[1795]: new group: name=jenkins, GID=1001
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 useradd[1795]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 usermod[1802]: add 'jenkins' to group 'docker'
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 usermod[1802]: add 'jenkins' to shadow group 'docker'
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 sshd[1811]: Accepted publickey for jenkins from 10.30.104.4 port 43002 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 sshd[1811]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 systemd-logind[1021]: New session 2 of user jenkins.
Jan 26 11:28:19 prd-ubuntu1804-docker-8c-8g-3074 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Jan 26 11:29:02 prd-ubuntu1804-docker-8c-8g-3074 CRON[2440]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:29:02 prd-ubuntu1804-docker-8c-8g-3074 CRON[2440]: pam_unix(cron:session): session closed for user root
Jan 26 11:30:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[3284]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:30:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[3284]: pam_unix(cron:session): session closed for user root
Jan 26 11:31:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[6163]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:31:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[6163]: pam_unix(cron:session): session closed for user root
Jan 26 11:32:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[9731]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:32:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[9731]: pam_unix(cron:session): session closed for user root
Jan 26 11:33:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[9946]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:33:01 prd-ubuntu1804-docker-8c-8g-3074 CRON[9946]: pam_unix(cron:session): session closed for user root
Jan 26 11:33:25 prd-ubuntu1804-docker-8c-8g-3074 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jan 26 11:33:25 prd-ubuntu1804-docker-8c-8g-3074 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)