Sep  2 15:50:30 prd-ubuntu1804-docker-4c-4g-4050 passwd[936]: password for 'ubuntu' changed by 'root'
Sep  2 15:50:30 prd-ubuntu1804-docker-4c-4g-4050 systemd-logind[1005]: Watching system buttons on /dev/input/event0 (Power Button)
Sep  2 15:50:30 prd-ubuntu1804-docker-4c-4g-4050 systemd-logind[1005]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep  2 15:50:30 prd-ubuntu1804-docker-4c-4g-4050 systemd-logind[1005]: New seat seat0.
Sep  2 15:50:30 prd-ubuntu1804-docker-4c-4g-4050 sshd[1299]: Server listening on 0.0.0.0 port 22.
Sep  2 15:50:30 prd-ubuntu1804-docker-4c-4g-4050 sshd[1299]: Server listening on :: port 22.
Sep  2 15:50:33 prd-ubuntu1804-docker-4c-4g-4050 sshd[1524]: Did not receive identification string from 10.32.4.5 port 34662
Sep  2 15:50:40 prd-ubuntu1804-docker-4c-4g-4050 sshd[1574]: Invalid user jenkins from 10.32.4.5 port 34666
Sep  2 15:50:40 prd-ubuntu1804-docker-4c-4g-4050 sshd[1574]: Received disconnect from 10.32.4.5 port 34666:11: Closed due to user request. [preauth]
Sep  2 15:50:40 prd-ubuntu1804-docker-4c-4g-4050 sshd[1574]: Disconnected from invalid user jenkins 10.32.4.5 port 34666 [preauth]
Sep  2 15:50:42 prd-ubuntu1804-docker-4c-4g-4050 sshd[1578]: Invalid user jenkins from 10.32.4.5 port 34668
Sep  2 15:50:42 prd-ubuntu1804-docker-4c-4g-4050 sshd[1578]: Received disconnect from 10.32.4.5 port 34668:11: Closed due to user request. [preauth]
Sep  2 15:50:42 prd-ubuntu1804-docker-4c-4g-4050 sshd[1578]: Disconnected from invalid user jenkins 10.32.4.5 port 34668 [preauth]
Sep  2 15:50:45 prd-ubuntu1804-docker-4c-4g-4050 sshd[1580]: Invalid user jenkins from 10.32.4.5 port 34676
Sep  2 15:50:45 prd-ubuntu1804-docker-4c-4g-4050 sshd[1580]: Received disconnect from 10.32.4.5 port 34676:11: Closed due to user request. [preauth]
Sep  2 15:50:45 prd-ubuntu1804-docker-4c-4g-4050 sshd[1580]: Disconnected from invalid user jenkins 10.32.4.5 port 34676 [preauth]
Sep  2 15:50:47 prd-ubuntu1804-docker-4c-4g-4050 sshd[1582]: Invalid user jenkins from 10.32.4.5 port 34678
Sep  2 15:50:47 prd-ubuntu1804-docker-4c-4g-4050 sshd[1582]: Received disconnect from 10.32.4.5 port 34678:11: Closed due to user request. [preauth]
Sep  2 15:50:47 prd-ubuntu1804-docker-4c-4g-4050 sshd[1582]: Disconnected from invalid user jenkins 10.32.4.5 port 34678 [preauth]
Sep  2 15:50:49 prd-ubuntu1804-docker-4c-4g-4050 sshd[1584]: Invalid user jenkins from 10.32.4.5 port 34680
Sep  2 15:50:49 prd-ubuntu1804-docker-4c-4g-4050 sshd[1584]: Received disconnect from 10.32.4.5 port 34680:11: Closed due to user request. [preauth]
Sep  2 15:50:49 prd-ubuntu1804-docker-4c-4g-4050 sshd[1584]: Disconnected from invalid user jenkins 10.32.4.5 port 34680 [preauth]
Sep  2 15:50:51 prd-ubuntu1804-docker-4c-4g-4050 sshd[1586]: Invalid user jenkins from 10.32.4.5 port 34682
Sep  2 15:50:51 prd-ubuntu1804-docker-4c-4g-4050 sshd[1586]: Received disconnect from 10.32.4.5 port 34682:11: Closed due to user request. [preauth]
Sep  2 15:50:51 prd-ubuntu1804-docker-4c-4g-4050 sshd[1586]: Disconnected from invalid user jenkins 10.32.4.5 port 34682 [preauth]
Sep  2 15:50:53 prd-ubuntu1804-docker-4c-4g-4050 sshd[1749]: Invalid user jenkins from 10.32.4.5 port 34686
Sep  2 15:50:53 prd-ubuntu1804-docker-4c-4g-4050 sshd[1749]: Received disconnect from 10.32.4.5 port 34686:11: Closed due to user request. [preauth]
Sep  2 15:50:53 prd-ubuntu1804-docker-4c-4g-4050 sshd[1749]: Disconnected from invalid user jenkins 10.32.4.5 port 34686 [preauth]
Sep  2 15:50:55 prd-ubuntu1804-docker-4c-4g-4050 sshd[1841]: Invalid user jenkins from 10.32.4.5 port 34688
Sep  2 15:50:55 prd-ubuntu1804-docker-4c-4g-4050 sshd[1841]: Received disconnect from 10.32.4.5 port 34688:11: Closed due to user request. [preauth]
Sep  2 15:50:55 prd-ubuntu1804-docker-4c-4g-4050 sshd[1841]: Disconnected from invalid user jenkins 10.32.4.5 port 34688 [preauth]
Sep  2 15:50:57 prd-ubuntu1804-docker-4c-4g-4050 sshd[1859]: Invalid user jenkins from 10.32.4.5 port 34690
Sep  2 15:50:57 prd-ubuntu1804-docker-4c-4g-4050 sshd[1859]: Received disconnect from 10.32.4.5 port 34690:11: Closed due to user request. [preauth]
Sep  2 15:50:57 prd-ubuntu1804-docker-4c-4g-4050 sshd[1859]: Disconnected from invalid user jenkins 10.32.4.5 port 34690 [preauth]
Sep  2 15:50:59 prd-ubuntu1804-docker-4c-4g-4050 useradd[1877]: new group: name=jenkins, GID=1001
Sep  2 15:50:59 prd-ubuntu1804-docker-4c-4g-4050 useradd[1877]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep  2 15:50:59 prd-ubuntu1804-docker-4c-4g-4050 usermod[1884]: add 'jenkins' to group 'docker'
Sep  2 15:50:59 prd-ubuntu1804-docker-4c-4g-4050 usermod[1884]: add 'jenkins' to shadow group 'docker'
Sep  2 15:51:00 prd-ubuntu1804-docker-4c-4g-4050 sshd[1918]: Accepted publickey for jenkins from 10.32.4.5 port 34692 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Sep  2 15:51:00 prd-ubuntu1804-docker-4c-4g-4050 sshd[1918]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep  2 15:51:00 prd-ubuntu1804-docker-4c-4g-4050 systemd-logind[1005]: New session 1 of user jenkins.
Sep  2 15:51:00 prd-ubuntu1804-docker-4c-4g-4050 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep  2 15:51:01 prd-ubuntu1804-docker-4c-4g-4050 CRON[2053]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  2 15:51:01 prd-ubuntu1804-docker-4c-4g-4050 CRON[2053]: pam_unix(cron:session): session closed for user root
Sep  2 15:52:01 prd-ubuntu1804-docker-4c-4g-4050 CRON[2698]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  2 15:52:01 prd-ubuntu1804-docker-4c-4g-4050 CRON[2698]: pam_unix(cron:session): session closed for user root
Sep  2 15:53:01 prd-ubuntu1804-docker-4c-4g-4050 CRON[6983]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep  2 15:53:01 prd-ubuntu1804-docker-4c-4g-4050 CRON[6983]: pam_unix(cron:session): session closed for user root
Sep  2 15:53:14 prd-ubuntu1804-docker-4c-4g-4050 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-helm-docker-verify-all ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep  2 15:53:14 prd-ubuntu1804-docker-4c-4g-4050 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)