Sep 26 08:33:38 prd-ubuntu1804-docker-8c-8g-287 passwd[1006]: password for 'ubuntu' changed by 'root'
Sep 26 08:33:38 prd-ubuntu1804-docker-8c-8g-287 systemd-logind[1123]: Watching system buttons on /dev/input/event0 (Power Button)
Sep 26 08:33:38 prd-ubuntu1804-docker-8c-8g-287 systemd-logind[1123]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep 26 08:33:38 prd-ubuntu1804-docker-8c-8g-287 systemd-logind[1123]: New seat seat0.
Sep 26 08:33:38 prd-ubuntu1804-docker-8c-8g-287 sshd[1128]: Server listening on 0.0.0.0 port 22.
Sep 26 08:33:38 prd-ubuntu1804-docker-8c-8g-287 sshd[1128]: Server listening on :: port 22.
Sep 26 08:33:42 prd-ubuntu1804-docker-8c-8g-287 sshd[1435]: Did not receive identification string from 10.30.104.4 port 38976
Sep 26 08:33:49 prd-ubuntu1804-docker-8c-8g-287 sshd[1463]: Invalid user jenkins from 10.30.104.4 port 38986
Sep 26 08:33:49 prd-ubuntu1804-docker-8c-8g-287 sshd[1463]: Received disconnect from 10.30.104.4 port 38986:11: Closed due to user request. [preauth]
Sep 26 08:33:49 prd-ubuntu1804-docker-8c-8g-287 sshd[1463]: Disconnected from invalid user jenkins 10.30.104.4 port 38986 [preauth]
Sep 26 08:33:51 prd-ubuntu1804-docker-8c-8g-287 sshd[1467]: Invalid user jenkins from 10.30.104.4 port 38988
Sep 26 08:33:51 prd-ubuntu1804-docker-8c-8g-287 sshd[1467]: Received disconnect from 10.30.104.4 port 38988:11: Closed due to user request. [preauth]
Sep 26 08:33:51 prd-ubuntu1804-docker-8c-8g-287 sshd[1467]: Disconnected from invalid user jenkins 10.30.104.4 port 38988 [preauth]
Sep 26 08:33:53 prd-ubuntu1804-docker-8c-8g-287 sshd[1469]: Invalid user jenkins from 10.30.104.4 port 38990
Sep 26 08:33:53 prd-ubuntu1804-docker-8c-8g-287 sshd[1469]: Received disconnect from 10.30.104.4 port 38990:11: Closed due to user request. [preauth]
Sep 26 08:33:53 prd-ubuntu1804-docker-8c-8g-287 sshd[1469]: Disconnected from invalid user jenkins 10.30.104.4 port 38990 [preauth]
Sep 26 08:33:55 prd-ubuntu1804-docker-8c-8g-287 sshd[1471]: Invalid user jenkins from 10.30.104.4 port 38992
Sep 26 08:33:55 prd-ubuntu1804-docker-8c-8g-287 sshd[1471]: Received disconnect from 10.30.104.4 port 38992:11: Closed due to user request. [preauth]
Sep 26 08:33:55 prd-ubuntu1804-docker-8c-8g-287 sshd[1471]: Disconnected from invalid user jenkins 10.30.104.4 port 38992 [preauth]
Sep 26 08:33:57 prd-ubuntu1804-docker-8c-8g-287 sshd[1695]: Invalid user jenkins from 10.30.104.4 port 39000
Sep 26 08:33:57 prd-ubuntu1804-docker-8c-8g-287 sshd[1695]: Received disconnect from 10.30.104.4 port 39000:11: Closed due to user request. [preauth]
Sep 26 08:33:57 prd-ubuntu1804-docker-8c-8g-287 sshd[1695]: Disconnected from invalid user jenkins 10.30.104.4 port 39000 [preauth]
Sep 26 08:33:59 prd-ubuntu1804-docker-8c-8g-287 sshd[1740]: Invalid user jenkins from 10.30.104.4 port 39002
Sep 26 08:33:59 prd-ubuntu1804-docker-8c-8g-287 sshd[1740]: Received disconnect from 10.30.104.4 port 39002:11: Closed due to user request. [preauth]
Sep 26 08:33:59 prd-ubuntu1804-docker-8c-8g-287 sshd[1740]: Disconnected from invalid user jenkins 10.30.104.4 port 39002 [preauth]
Sep 26 08:34:01 prd-ubuntu1804-docker-8c-8g-287 CRON[1743]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 08:34:01 prd-ubuntu1804-docker-8c-8g-287 CRON[1743]: pam_unix(cron:session): session closed for user root
Sep 26 08:34:01 prd-ubuntu1804-docker-8c-8g-287 sshd[1751]: Invalid user jenkins from 10.30.104.4 port 39004
Sep 26 08:34:01 prd-ubuntu1804-docker-8c-8g-287 sshd[1751]: Received disconnect from 10.30.104.4 port 39004:11: Closed due to user request. [preauth]
Sep 26 08:34:01 prd-ubuntu1804-docker-8c-8g-287 sshd[1751]: Disconnected from invalid user jenkins 10.30.104.4 port 39004 [preauth]
Sep 26 08:34:03 prd-ubuntu1804-docker-8c-8g-287 sshd[1760]: Invalid user jenkins from 10.30.104.4 port 39006
Sep 26 08:34:03 prd-ubuntu1804-docker-8c-8g-287 sshd[1760]: Received disconnect from 10.30.104.4 port 39006:11: Closed due to user request. [preauth]
Sep 26 08:34:03 prd-ubuntu1804-docker-8c-8g-287 sshd[1760]: Disconnected from invalid user jenkins 10.30.104.4 port 39006 [preauth]
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 useradd[1780]: new group: name=jenkins, GID=1001
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 useradd[1780]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 usermod[1787]: add 'jenkins' to group 'docker'
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 usermod[1787]: add 'jenkins' to shadow group 'docker'
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 sshd[1848]: Accepted publickey for jenkins from 10.30.104.4 port 39008 ssh2: RSA SHA256:V0799BjlU//1ruj1g81rY7MeNIJkwAJ0Kr3lNX3XaN4
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 sshd[1848]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 systemd-logind[1123]: New session 2 of user jenkins.
Sep 26 08:34:05 prd-ubuntu1804-docker-8c-8g-287 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep 26 08:35:01 prd-ubuntu1804-docker-8c-8g-287 CRON[2481]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 08:35:01 prd-ubuntu1804-docker-8c-8g-287 CRON[2481]: pam_unix(cron:session): session closed for user root
Sep 26 08:36:01 prd-ubuntu1804-docker-8c-8g-287 CRON[2838]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 08:36:01 prd-ubuntu1804-docker-8c-8g-287 CRON[2838]: pam_unix(cron:session): session closed for user root
Sep 26 08:37:01 prd-ubuntu1804-docker-8c-8g-287 CRON[13446]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 08:37:01 prd-ubuntu1804-docker-8c-8g-287 CRON[13446]: pam_unix(cron:session): session closed for user root
Sep 26 08:38:01 prd-ubuntu1804-docker-8c-8g-287 CRON[16212]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 26 08:38:01 prd-ubuntu1804-docker-8c-8g-287 CRON[16212]: pam_unix(cron:session): session closed for user root
Sep 26 08:38:25 prd-ubuntu1804-docker-8c-8g-287 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/multicloud-k8s-master-docker-golang-shell-daily ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep 26 08:38:25 prd-ubuntu1804-docker-8c-8g-287 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)