Jan 26 11:30:50 prd-ubuntu1804-docker-8c-8g-3092 passwd[992]: password for 'ubuntu' changed by 'root'
Jan 26 11:30:50 prd-ubuntu1804-docker-8c-8g-3092 systemd-logind[1144]: Watching system buttons on /dev/input/event0 (Power Button)
Jan 26 11:30:50 prd-ubuntu1804-docker-8c-8g-3092 systemd-logind[1144]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jan 26 11:30:50 prd-ubuntu1804-docker-8c-8g-3092 systemd-logind[1144]: New seat seat0.
Jan 26 11:30:50 prd-ubuntu1804-docker-8c-8g-3092 sshd[1221]: Server listening on 0.0.0.0 port 22.
Jan 26 11:30:50 prd-ubuntu1804-docker-8c-8g-3092 sshd[1221]: Server listening on :: port 22.
Jan 26 11:30:53 prd-ubuntu1804-docker-8c-8g-3092 sshd[1493]: Did not receive identification string from 10.30.104.4 port 60658
Jan 26 11:31:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[1525]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:31:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[1525]: pam_unix(cron:session): session closed for user root
Jan 26 11:31:02 prd-ubuntu1804-docker-8c-8g-3092 sshd[1534]: Invalid user jenkins from 10.30.104.4 port 60718
Jan 26 11:31:02 prd-ubuntu1804-docker-8c-8g-3092 sshd[1534]: Received disconnect from 10.30.104.4 port 60718:11: Closed due to user request. [preauth]
Jan 26 11:31:02 prd-ubuntu1804-docker-8c-8g-3092 sshd[1534]: Disconnected from invalid user jenkins 10.30.104.4 port 60718 [preauth]
Jan 26 11:31:04 prd-ubuntu1804-docker-8c-8g-3092 sshd[1538]: Invalid user jenkins from 10.30.104.4 port 60730
Jan 26 11:31:04 prd-ubuntu1804-docker-8c-8g-3092 sshd[1538]: Received disconnect from 10.30.104.4 port 60730:11: Closed due to user request. [preauth]
Jan 26 11:31:04 prd-ubuntu1804-docker-8c-8g-3092 sshd[1538]: Disconnected from invalid user jenkins 10.30.104.4 port 60730 [preauth]
Jan 26 11:31:06 prd-ubuntu1804-docker-8c-8g-3092 sshd[1540]: Invalid user jenkins from 10.30.104.4 port 60744
Jan 26 11:31:06 prd-ubuntu1804-docker-8c-8g-3092 sshd[1540]: Received disconnect from 10.30.104.4 port 60744:11: Closed due to user request. [preauth]
Jan 26 11:31:06 prd-ubuntu1804-docker-8c-8g-3092 sshd[1540]: Disconnected from invalid user jenkins 10.30.104.4 port 60744 [preauth]
Jan 26 11:31:08 prd-ubuntu1804-docker-8c-8g-3092 sshd[1684]: Invalid user jenkins from 10.30.104.4 port 60756
Jan 26 11:31:08 prd-ubuntu1804-docker-8c-8g-3092 sshd[1684]: Received disconnect from 10.30.104.4 port 60756:11: Closed due to user request. [preauth]
Jan 26 11:31:08 prd-ubuntu1804-docker-8c-8g-3092 sshd[1684]: Disconnected from invalid user jenkins 10.30.104.4 port 60756 [preauth]
Jan 26 11:31:10 prd-ubuntu1804-docker-8c-8g-3092 sshd[1811]: Invalid user jenkins from 10.30.104.4 port 60768
Jan 26 11:31:10 prd-ubuntu1804-docker-8c-8g-3092 sshd[1811]: Received disconnect from 10.30.104.4 port 60768:11: Closed due to user request. [preauth]
Jan 26 11:31:10 prd-ubuntu1804-docker-8c-8g-3092 sshd[1811]: Disconnected from invalid user jenkins 10.30.104.4 port 60768 [preauth]
Jan 26 11:31:12 prd-ubuntu1804-docker-8c-8g-3092 sshd[1815]: Invalid user jenkins from 10.30.104.4 port 60780
Jan 26 11:31:12 prd-ubuntu1804-docker-8c-8g-3092 sshd[1815]: Received disconnect from 10.30.104.4 port 60780:11: Closed due to user request. [preauth]
Jan 26 11:31:12 prd-ubuntu1804-docker-8c-8g-3092 sshd[1815]: Disconnected from invalid user jenkins 10.30.104.4 port 60780 [preauth]
Jan 26 11:31:13 prd-ubuntu1804-docker-8c-8g-3092 useradd[1835]: new group: name=jenkins, GID=1001
Jan 26 11:31:13 prd-ubuntu1804-docker-8c-8g-3092 useradd[1835]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Jan 26 11:31:14 prd-ubuntu1804-docker-8c-8g-3092 usermod[1842]: add 'jenkins' to group 'docker'
Jan 26 11:31:14 prd-ubuntu1804-docker-8c-8g-3092 usermod[1842]: add 'jenkins' to shadow group 'docker'
Jan 26 11:31:14 prd-ubuntu1804-docker-8c-8g-3092 sshd[1882]: Accepted publickey for jenkins from 10.30.104.4 port 60794 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Jan 26 11:31:14 prd-ubuntu1804-docker-8c-8g-3092 sshd[1882]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Jan 26 11:31:15 prd-ubuntu1804-docker-8c-8g-3092 systemd-logind[1144]: New session 2 of user jenkins.
Jan 26 11:31:15 prd-ubuntu1804-docker-8c-8g-3092 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Jan 26 11:32:02 prd-ubuntu1804-docker-8c-8g-3092 CRON[2147]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:32:02 prd-ubuntu1804-docker-8c-8g-3092 CRON[2147]: pam_unix(cron:session): session closed for user root
Jan 26 11:33:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2151]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:33:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2151]: pam_unix(cron:session): session closed for user root
Jan 26 11:34:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2157]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:34:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2157]: pam_unix(cron:session): session closed for user root
Jan 26 11:35:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2162]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:35:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2162]: pam_unix(cron:session): session closed for user root
Jan 26 11:36:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2167]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:36:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2167]: pam_unix(cron:session): session closed for user root
Jan 26 11:37:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2535]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:37:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[2535]: pam_unix(cron:session): session closed for user root
Jan 26 11:38:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[5753]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:38:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[5753]: pam_unix(cron:session): session closed for user root
Jan 26 11:39:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[9502]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 11:39:01 prd-ubuntu1804-docker-8c-8g-3092 CRON[9502]: pam_unix(cron:session): session closed for user root
Jan 26 11:39:35 prd-ubuntu1804-docker-8c-8g-3092 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jan 26 11:39:35 prd-ubuntu1804-docker-8c-8g-3092 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)