Apr  2 12:20:12 prd-ubuntu1804-docker-8c-8g-3076 passwd[994]: password for 'ubuntu' changed by 'root'
Apr  2 12:20:12 prd-ubuntu1804-docker-8c-8g-3076 systemd-logind[1026]: Watching system buttons on /dev/input/event0 (Power Button)
Apr  2 12:20:12 prd-ubuntu1804-docker-8c-8g-3076 systemd-logind[1026]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Apr  2 12:20:12 prd-ubuntu1804-docker-8c-8g-3076 systemd-logind[1026]: New seat seat0.
Apr  2 12:20:12 prd-ubuntu1804-docker-8c-8g-3076 sshd[1116]: Server listening on 0.0.0.0 port 22.
Apr  2 12:20:12 prd-ubuntu1804-docker-8c-8g-3076 sshd[1116]: Server listening on :: port 22.
Apr  2 12:20:15 prd-ubuntu1804-docker-8c-8g-3076 sshd[1450]: Did not receive identification string from 10.30.104.4 port 42824
Apr  2 12:20:19 prd-ubuntu1804-docker-8c-8g-3076 sshd[1485]: Invalid user jenkins from 10.30.104.4 port 42834
Apr  2 12:20:19 prd-ubuntu1804-docker-8c-8g-3076 sshd[1485]: Received disconnect from 10.30.104.4 port 42834:11: Closed due to user request. [preauth]
Apr  2 12:20:19 prd-ubuntu1804-docker-8c-8g-3076 sshd[1485]: Disconnected from invalid user jenkins 10.30.104.4 port 42834 [preauth]
Apr  2 12:20:21 prd-ubuntu1804-docker-8c-8g-3076 sshd[1489]: Invalid user jenkins from 10.30.104.4 port 42842
Apr  2 12:20:21 prd-ubuntu1804-docker-8c-8g-3076 sshd[1489]: Received disconnect from 10.30.104.4 port 42842:11: Closed due to user request. [preauth]
Apr  2 12:20:21 prd-ubuntu1804-docker-8c-8g-3076 sshd[1489]: Disconnected from invalid user jenkins 10.30.104.4 port 42842 [preauth]
Apr  2 12:20:23 prd-ubuntu1804-docker-8c-8g-3076 sshd[1491]: Invalid user jenkins from 10.30.104.4 port 42854
Apr  2 12:20:23 prd-ubuntu1804-docker-8c-8g-3076 sshd[1491]: Received disconnect from 10.30.104.4 port 42854:11: Closed due to user request. [preauth]
Apr  2 12:20:23 prd-ubuntu1804-docker-8c-8g-3076 sshd[1491]: Disconnected from invalid user jenkins 10.30.104.4 port 42854 [preauth]
Apr  2 12:20:26 prd-ubuntu1804-docker-8c-8g-3076 sshd[1493]: Invalid user jenkins from 10.30.104.4 port 42860
Apr  2 12:20:26 prd-ubuntu1804-docker-8c-8g-3076 sshd[1493]: Received disconnect from 10.30.104.4 port 42860:11: Closed due to user request. [preauth]
Apr  2 12:20:26 prd-ubuntu1804-docker-8c-8g-3076 sshd[1493]: Disconnected from invalid user jenkins 10.30.104.4 port 42860 [preauth]
Apr  2 12:20:28 prd-ubuntu1804-docker-8c-8g-3076 sshd[1495]: Invalid user jenkins from 10.30.104.4 port 42868
Apr  2 12:20:28 prd-ubuntu1804-docker-8c-8g-3076 sshd[1495]: Received disconnect from 10.30.104.4 port 42868:11: Closed due to user request. [preauth]
Apr  2 12:20:28 prd-ubuntu1804-docker-8c-8g-3076 sshd[1495]: Disconnected from invalid user jenkins 10.30.104.4 port 42868 [preauth]
Apr  2 12:20:30 prd-ubuntu1804-docker-8c-8g-3076 sshd[1548]: Invalid user jenkins from 10.30.104.4 port 42876
Apr  2 12:20:30 prd-ubuntu1804-docker-8c-8g-3076 sshd[1548]: Received disconnect from 10.30.104.4 port 42876:11: Closed due to user request. [preauth]
Apr  2 12:20:30 prd-ubuntu1804-docker-8c-8g-3076 sshd[1548]: Disconnected from invalid user jenkins 10.30.104.4 port 42876 [preauth]
Apr  2 12:20:31 prd-ubuntu1804-docker-8c-8g-3076 sshd[1740]: Invalid user jenkins from 10.30.104.4 port 42884
Apr  2 12:20:31 prd-ubuntu1804-docker-8c-8g-3076 sshd[1740]: Received disconnect from 10.30.104.4 port 42884:11: Closed due to user request. [preauth]
Apr  2 12:20:31 prd-ubuntu1804-docker-8c-8g-3076 sshd[1740]: Disconnected from invalid user jenkins 10.30.104.4 port 42884 [preauth]
Apr  2 12:20:33 prd-ubuntu1804-docker-8c-8g-3076 sshd[1765]: Invalid user jenkins from 10.30.104.4 port 42892
Apr  2 12:20:34 prd-ubuntu1804-docker-8c-8g-3076 sshd[1765]: Received disconnect from 10.30.104.4 port 42892:11: Closed due to user request. [preauth]
Apr  2 12:20:34 prd-ubuntu1804-docker-8c-8g-3076 sshd[1765]: Disconnected from invalid user jenkins 10.30.104.4 port 42892 [preauth]
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 useradd[1772]: new group: name=jenkins, GID=1001
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 useradd[1772]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 sshd[1773]: Invalid user jenkins from 10.30.104.4 port 42902
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 sshd[1773]: Received disconnect from 10.30.104.4 port 42902:11: Closed due to user request. [preauth]
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 sshd[1773]: Disconnected from invalid user jenkins 10.30.104.4 port 42902 [preauth]
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 usermod[1781]: add 'jenkins' to group 'docker'
Apr  2 12:20:36 prd-ubuntu1804-docker-8c-8g-3076 usermod[1781]: add 'jenkins' to shadow group 'docker'
Apr  2 12:20:38 prd-ubuntu1804-docker-8c-8g-3076 sshd[1857]: Accepted publickey for jenkins from 10.30.104.4 port 42910 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Apr  2 12:20:38 prd-ubuntu1804-docker-8c-8g-3076 sshd[1857]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Apr  2 12:20:38 prd-ubuntu1804-docker-8c-8g-3076 systemd-logind[1026]: New session 1 of user jenkins.
Apr  2 12:20:38 prd-ubuntu1804-docker-8c-8g-3076 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Apr  2 12:21:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[2413]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 12:21:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[2413]: pam_unix(cron:session): session closed for user root
Apr  2 12:22:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[3218]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 12:22:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[3218]: pam_unix(cron:session): session closed for user root
Apr  2 12:23:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[6389]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 12:23:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[6389]: pam_unix(cron:session): session closed for user root
Apr  2 12:24:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[9893]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 12:24:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[9893]: pam_unix(cron:session): session closed for user root
Apr  2 12:25:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[10333]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  2 12:25:01 prd-ubuntu1804-docker-8c-8g-3076 CRON[10333]: pam_unix(cron:session): session closed for user root
Apr  2 12:25:19 prd-ubuntu1804-docker-8c-8g-3076 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/integration-xtesting-security-docker-verify-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp