Jan 26 14:06:43 prd-ubuntu1804-docker-8c-8g-3199 passwd[1021]: password for 'ubuntu' changed by 'root'
Jan 26 14:06:43 prd-ubuntu1804-docker-8c-8g-3199 systemd-logind[1101]: Watching system buttons on /dev/input/event0 (Power Button)
Jan 26 14:06:43 prd-ubuntu1804-docker-8c-8g-3199 systemd-logind[1101]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jan 26 14:06:43 prd-ubuntu1804-docker-8c-8g-3199 systemd-logind[1101]: New seat seat0.
Jan 26 14:06:43 prd-ubuntu1804-docker-8c-8g-3199 sshd[1152]: Server listening on 0.0.0.0 port 22.
Jan 26 14:06:43 prd-ubuntu1804-docker-8c-8g-3199 sshd[1152]: Server listening on :: port 22.
Jan 26 14:06:47 prd-ubuntu1804-docker-8c-8g-3199 sshd[1412]: Did not receive identification string from 10.30.104.4 port 34626
Jan 26 14:06:52 prd-ubuntu1804-docker-8c-8g-3199 sshd[1437]: Invalid user jenkins from 10.30.104.4 port 34664
Jan 26 14:06:52 prd-ubuntu1804-docker-8c-8g-3199 sshd[1437]: Received disconnect from 10.30.104.4 port 34664:11: Closed due to user request. [preauth]
Jan 26 14:06:52 prd-ubuntu1804-docker-8c-8g-3199 sshd[1437]: Disconnected from invalid user jenkins 10.30.104.4 port 34664 [preauth]
Jan 26 14:06:54 prd-ubuntu1804-docker-8c-8g-3199 sshd[1441]: Invalid user jenkins from 10.30.104.4 port 34692
Jan 26 14:06:54 prd-ubuntu1804-docker-8c-8g-3199 sshd[1441]: Received disconnect from 10.30.104.4 port 34692:11: Closed due to user request. [preauth]
Jan 26 14:06:54 prd-ubuntu1804-docker-8c-8g-3199 sshd[1441]: Disconnected from invalid user jenkins 10.30.104.4 port 34692 [preauth]
Jan 26 14:06:57 prd-ubuntu1804-docker-8c-8g-3199 sshd[1443]: Invalid user jenkins from 10.30.104.4 port 34716
Jan 26 14:06:57 prd-ubuntu1804-docker-8c-8g-3199 sshd[1443]: Received disconnect from 10.30.104.4 port 34716:11: Closed due to user request. [preauth]
Jan 26 14:06:57 prd-ubuntu1804-docker-8c-8g-3199 sshd[1443]: Disconnected from invalid user jenkins 10.30.104.4 port 34716 [preauth]
Jan 26 14:06:59 prd-ubuntu1804-docker-8c-8g-3199 sshd[1445]: Invalid user jenkins from 10.30.104.4 port 34738
Jan 26 14:06:59 prd-ubuntu1804-docker-8c-8g-3199 sshd[1445]: Received disconnect from 10.30.104.4 port 34738:11: Closed due to user request. [preauth]
Jan 26 14:06:59 prd-ubuntu1804-docker-8c-8g-3199 sshd[1445]: Disconnected from invalid user jenkins 10.30.104.4 port 34738 [preauth]
Jan 26 14:07:01 prd-ubuntu1804-docker-8c-8g-3199 sshd[1522]: Invalid user jenkins from 10.30.104.4 port 34760
Jan 26 14:07:01 prd-ubuntu1804-docker-8c-8g-3199 sshd[1522]: Received disconnect from 10.30.104.4 port 34760:11: Closed due to user request. [preauth]
Jan 26 14:07:01 prd-ubuntu1804-docker-8c-8g-3199 sshd[1522]: Disconnected from invalid user jenkins 10.30.104.4 port 34760 [preauth]
Jan 26 14:07:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[1633]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 14:07:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[1633]: pam_unix(cron:session): session closed for user root
Jan 26 14:07:03 prd-ubuntu1804-docker-8c-8g-3199 sshd[1695]: Invalid user jenkins from 10.30.104.4 port 34796
Jan 26 14:07:03 prd-ubuntu1804-docker-8c-8g-3199 sshd[1695]: Received disconnect from 10.30.104.4 port 34796:11: Closed due to user request. [preauth]
Jan 26 14:07:03 prd-ubuntu1804-docker-8c-8g-3199 sshd[1695]: Disconnected from invalid user jenkins 10.30.104.4 port 34796 [preauth]
Jan 26 14:07:05 prd-ubuntu1804-docker-8c-8g-3199 sshd[1717]: Invalid user jenkins from 10.30.104.4 port 34820
Jan 26 14:07:05 prd-ubuntu1804-docker-8c-8g-3199 sshd[1717]: Received disconnect from 10.30.104.4 port 34820:11: Closed due to user request. [preauth]
Jan 26 14:07:05 prd-ubuntu1804-docker-8c-8g-3199 sshd[1717]: Disconnected from invalid user jenkins 10.30.104.4 port 34820 [preauth]
Jan 26 14:07:07 prd-ubuntu1804-docker-8c-8g-3199 useradd[1737]: new group: name=jenkins, GID=1001
Jan 26 14:07:07 prd-ubuntu1804-docker-8c-8g-3199 useradd[1737]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Jan 26 14:07:07 prd-ubuntu1804-docker-8c-8g-3199 usermod[1746]: add 'jenkins' to group 'docker'
Jan 26 14:07:07 prd-ubuntu1804-docker-8c-8g-3199 usermod[1746]: add 'jenkins' to shadow group 'docker'
Jan 26 14:07:07 prd-ubuntu1804-docker-8c-8g-3199 sshd[1738]: Received disconnect from 10.30.104.4 port 34838:11: Closed due to user request. [preauth]
Jan 26 14:07:07 prd-ubuntu1804-docker-8c-8g-3199 sshd[1738]: Disconnected from authenticating user jenkins 10.30.104.4 port 34838 [preauth]
Jan 26 14:07:09 prd-ubuntu1804-docker-8c-8g-3199 sshd[1814]: Accepted publickey for jenkins from 10.30.104.4 port 34864 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Jan 26 14:07:09 prd-ubuntu1804-docker-8c-8g-3199 sshd[1814]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Jan 26 14:07:09 prd-ubuntu1804-docker-8c-8g-3199 systemd-logind[1101]: New session 2 of user jenkins.
Jan 26 14:07:09 prd-ubuntu1804-docker-8c-8g-3199 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Jan 26 14:08:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[2420]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 14:08:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[2420]: pam_unix(cron:session): session closed for user root
Jan 26 14:09:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[5626]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 14:09:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[5626]: pam_unix(cron:session): session closed for user root
Jan 26 14:10:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[8868]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 14:10:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[8868]: pam_unix(cron:session): session closed for user root
Jan 26 14:11:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[9781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 14:11:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[9781]: pam_unix(cron:session): session closed for user root
Jan 26 14:12:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[10333]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 14:12:01 prd-ubuntu1804-docker-8c-8g-3199 CRON[10333]: pam_unix(cron:session): session closed for user root
Jan 26 14:12:11 prd-ubuntu1804-docker-8c-8g-3199 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jan 26 14:12:11 prd-ubuntu1804-docker-8c-8g-3199 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)