Apr  2 06:26:57 prd-ubuntu1804-docker-8c-8g-2949 passwd[1017]: password for 'ubuntu' changed by 'root'
Apr  2 06:26:57 prd-ubuntu1804-docker-8c-8g-2949 systemd-logind[1082]: Watching system buttons on /dev/input/event0 (Power Button)
Apr  2 06:26:57 prd-ubuntu1804-docker-8c-8g-2949 systemd-logind[1082]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Apr  2 06:26:57 prd-ubuntu1804-docker-8c-8g-2949 systemd-logind[1082]: New seat seat0.
Apr  2 06:26:57 prd-ubuntu1804-docker-8c-8g-2949 sshd[1153]: Server listening on 0.0.0.0 port 22.
Apr  2 06:26:57 prd-ubuntu1804-docker-8c-8g-2949 sshd[1153]: Server listening on :: port 22.
Apr  2 06:26:58 prd-ubuntu1804-docker-8c-8g-2949 sshd[1420]: Did not receive identification string from 10.30.104.4 port 55454
Apr  2 06:27:01 prd-ubuntu1804-docker-8c-8g-2949 CRON[1432]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 06:27:01 prd-ubuntu1804-docker-8c-8g-2949 CRON[1432]: pam_unix(cron:session): session closed for user root
Apr  2 06:27:08 prd-ubuntu1804-docker-8c-8g-2949 sshd[1479]: Invalid user jenkins from 10.30.104.4 port 55488
Apr  2 06:27:08 prd-ubuntu1804-docker-8c-8g-2949 sshd[1479]: Received disconnect from 10.30.104.4 port 55488:11: Closed due to user request. [preauth]
Apr  2 06:27:08 prd-ubuntu1804-docker-8c-8g-2949 sshd[1479]: Disconnected from invalid user jenkins 10.30.104.4 port 55488 [preauth]
Apr  2 06:27:10 prd-ubuntu1804-docker-8c-8g-2949 sshd[1483]: Invalid user jenkins from 10.30.104.4 port 55504
Apr  2 06:27:10 prd-ubuntu1804-docker-8c-8g-2949 sshd[1483]: Received disconnect from 10.30.104.4 port 55504:11: Closed due to user request. [preauth]
Apr  2 06:27:10 prd-ubuntu1804-docker-8c-8g-2949 sshd[1483]: Disconnected from invalid user jenkins 10.30.104.4 port 55504 [preauth]
Apr  2 06:27:12 prd-ubuntu1804-docker-8c-8g-2949 sshd[1485]: Invalid user jenkins from 10.30.104.4 port 55520
Apr  2 06:27:12 prd-ubuntu1804-docker-8c-8g-2949 sshd[1485]: Received disconnect from 10.30.104.4 port 55520:11: Closed due to user request. [preauth]
Apr  2 06:27:12 prd-ubuntu1804-docker-8c-8g-2949 sshd[1485]: Disconnected from invalid user jenkins 10.30.104.4 port 55520 [preauth]
Apr  2 06:27:15 prd-ubuntu1804-docker-8c-8g-2949 sshd[1635]: Invalid user jenkins from 10.30.104.4 port 55532
Apr  2 06:27:15 prd-ubuntu1804-docker-8c-8g-2949 sshd[1635]: Received disconnect from 10.30.104.4 port 55532:11: Closed due to user request. [preauth]
Apr  2 06:27:15 prd-ubuntu1804-docker-8c-8g-2949 sshd[1635]: Disconnected from invalid user jenkins 10.30.104.4 port 55532 [preauth]
Apr  2 06:27:17 prd-ubuntu1804-docker-8c-8g-2949 sshd[1753]: Invalid user jenkins from 10.30.104.4 port 55542
Apr  2 06:27:17 prd-ubuntu1804-docker-8c-8g-2949 sshd[1753]: Received disconnect from 10.30.104.4 port 55542:11: Closed due to user request. [preauth]
Apr  2 06:27:17 prd-ubuntu1804-docker-8c-8g-2949 sshd[1753]: Disconnected from invalid user jenkins 10.30.104.4 port 55542 [preauth]
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 sshd[1757]: Invalid user jenkins from 10.30.104.4 port 55554
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 sshd[1757]: Received disconnect from 10.30.104.4 port 55554:11: Closed due to user request. [preauth]
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 sshd[1757]: Disconnected from invalid user jenkins 10.30.104.4 port 55554 [preauth]
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 useradd[1764]: new group: name=jenkins, GID=1001
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 useradd[1764]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 usermod[1771]: add 'jenkins' to group 'docker'
Apr  2 06:27:19 prd-ubuntu1804-docker-8c-8g-2949 usermod[1771]: add 'jenkins' to shadow group 'docker'
Apr  2 06:27:21 prd-ubuntu1804-docker-8c-8g-2949 sshd[1832]: Accepted publickey for jenkins from 10.30.104.4 port 55560 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Apr  2 06:27:21 prd-ubuntu1804-docker-8c-8g-2949 sshd[1832]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Apr  2 06:27:21 prd-ubuntu1804-docker-8c-8g-2949 systemd-logind[1082]: New session 2 of user jenkins.
Apr  2 06:27:21 prd-ubuntu1804-docker-8c-8g-2949 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Apr  2 06:28:01 prd-ubuntu1804-docker-8c-8g-2949 CRON[2417]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 06:28:01 prd-ubuntu1804-docker-8c-8g-2949 CRON[2417]: pam_unix(cron:session): session closed for user root
Apr  2 06:29:01 prd-ubuntu1804-docker-8c-8g-2949 CRON[3764]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 06:29:01 prd-ubuntu1804-docker-8c-8g-2949 CRON[3764]: pam_unix(cron:session): session closed for user root
Apr  2 06:29:07 prd-ubuntu1804-docker-8c-8g-2949 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Apr  2 06:29:07 prd-ubuntu1804-docker-8c-8g-2949 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)