Feb  8 20:57:34 prd-ubuntu1804-docker-4c-4g-1228 passwd[922]: password for 'ubuntu' changed by 'root'
Feb  8 20:57:34 prd-ubuntu1804-docker-4c-4g-1228 systemd-logind[974]: Watching system buttons on /dev/input/event0 (Power Button)
Feb  8 20:57:34 prd-ubuntu1804-docker-4c-4g-1228 systemd-logind[974]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Feb  8 20:57:34 prd-ubuntu1804-docker-4c-4g-1228 systemd-logind[974]: New seat seat0.
Feb  8 20:57:35 prd-ubuntu1804-docker-4c-4g-1228 sshd[1226]: Server listening on 0.0.0.0 port 22.
Feb  8 20:57:35 prd-ubuntu1804-docker-4c-4g-1228 sshd[1226]: Server listening on :: port 22.
Feb  8 20:57:38 prd-ubuntu1804-docker-4c-4g-1228 sshd[1435]: Did not receive identification string from 10.32.4.5 port 60424
Feb  8 20:57:42 prd-ubuntu1804-docker-4c-4g-1228 sshd[1480]: Invalid user jenkins from 10.32.4.5 port 60426
Feb  8 20:57:42 prd-ubuntu1804-docker-4c-4g-1228 sshd[1480]: Received disconnect from 10.32.4.5 port 60426:11: Closed due to user request. [preauth]
Feb  8 20:57:42 prd-ubuntu1804-docker-4c-4g-1228 sshd[1480]: Disconnected from invalid user jenkins 10.32.4.5 port 60426 [preauth]
Feb  8 20:57:44 prd-ubuntu1804-docker-4c-4g-1228 sshd[1499]: Invalid user jenkins from 10.32.4.5 port 60430
Feb  8 20:57:44 prd-ubuntu1804-docker-4c-4g-1228 sshd[1499]: Received disconnect from 10.32.4.5 port 60430:11: Closed due to user request. [preauth]
Feb  8 20:57:44 prd-ubuntu1804-docker-4c-4g-1228 sshd[1499]: Disconnected from invalid user jenkins 10.32.4.5 port 60430 [preauth]
Feb  8 20:57:46 prd-ubuntu1804-docker-4c-4g-1228 sshd[1501]: Invalid user jenkins from 10.32.4.5 port 60432
Feb  8 20:57:46 prd-ubuntu1804-docker-4c-4g-1228 sshd[1501]: Received disconnect from 10.32.4.5 port 60432:11: Closed due to user request. [preauth]
Feb  8 20:57:46 prd-ubuntu1804-docker-4c-4g-1228 sshd[1501]: Disconnected from invalid user jenkins 10.32.4.5 port 60432 [preauth]
Feb  8 20:57:48 prd-ubuntu1804-docker-4c-4g-1228 sshd[1503]: Invalid user jenkins from 10.32.4.5 port 60434
Feb  8 20:57:48 prd-ubuntu1804-docker-4c-4g-1228 sshd[1503]: Received disconnect from 10.32.4.5 port 60434:11: Closed due to user request. [preauth]
Feb  8 20:57:48 prd-ubuntu1804-docker-4c-4g-1228 sshd[1503]: Disconnected from invalid user jenkins 10.32.4.5 port 60434 [preauth]
Feb  8 20:57:50 prd-ubuntu1804-docker-4c-4g-1228 sshd[1505]: Invalid user jenkins from 10.32.4.5 port 60436
Feb  8 20:57:50 prd-ubuntu1804-docker-4c-4g-1228 sshd[1505]: Received disconnect from 10.32.4.5 port 60436:11: Closed due to user request. [preauth]
Feb  8 20:57:50 prd-ubuntu1804-docker-4c-4g-1228 sshd[1505]: Disconnected from invalid user jenkins 10.32.4.5 port 60436 [preauth]
Feb  8 20:57:52 prd-ubuntu1804-docker-4c-4g-1228 sshd[1507]: Invalid user jenkins from 10.32.4.5 port 60438
Feb  8 20:57:52 prd-ubuntu1804-docker-4c-4g-1228 sshd[1507]: Received disconnect from 10.32.4.5 port 60438:11: Closed due to user request. [preauth]
Feb  8 20:57:52 prd-ubuntu1804-docker-4c-4g-1228 sshd[1507]: Disconnected from invalid user jenkins 10.32.4.5 port 60438 [preauth]
Feb  8 20:57:54 prd-ubuntu1804-docker-4c-4g-1228 sshd[1509]: Invalid user jenkins from 10.32.4.5 port 60440
Feb  8 20:57:54 prd-ubuntu1804-docker-4c-4g-1228 sshd[1509]: Received disconnect from 10.32.4.5 port 60440:11: Closed due to user request. [preauth]
Feb  8 20:57:54 prd-ubuntu1804-docker-4c-4g-1228 sshd[1509]: Disconnected from invalid user jenkins 10.32.4.5 port 60440 [preauth]
Feb  8 20:57:56 prd-ubuntu1804-docker-4c-4g-1228 sshd[1511]: Invalid user jenkins from 10.32.4.5 port 60442
Feb  8 20:57:56 prd-ubuntu1804-docker-4c-4g-1228 sshd[1511]: Received disconnect from 10.32.4.5 port 60442:11: Closed due to user request. [preauth]
Feb  8 20:57:56 prd-ubuntu1804-docker-4c-4g-1228 sshd[1511]: Disconnected from invalid user jenkins 10.32.4.5 port 60442 [preauth]
Feb  8 20:57:58 prd-ubuntu1804-docker-4c-4g-1228 sshd[1708]: Invalid user jenkins from 10.32.4.5 port 60444
Feb  8 20:57:58 prd-ubuntu1804-docker-4c-4g-1228 sshd[1708]: Received disconnect from 10.32.4.5 port 60444:11: Closed due to user request. [preauth]
Feb  8 20:57:58 prd-ubuntu1804-docker-4c-4g-1228 sshd[1708]: Disconnected from invalid user jenkins 10.32.4.5 port 60444 [preauth]
Feb  8 20:58:00 prd-ubuntu1804-docker-4c-4g-1228 sshd[1767]: Invalid user jenkins from 10.32.4.5 port 60448
Feb  8 20:58:01 prd-ubuntu1804-docker-4c-4g-1228 sshd[1767]: Received disconnect from 10.32.4.5 port 60448:11: Closed due to user request. [preauth]
Feb  8 20:58:01 prd-ubuntu1804-docker-4c-4g-1228 sshd[1767]: Disconnected from invalid user jenkins 10.32.4.5 port 60448 [preauth]
Feb  8 20:58:01 prd-ubuntu1804-docker-4c-4g-1228 CRON[1785]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 20:58:01 prd-ubuntu1804-docker-4c-4g-1228 CRON[1785]: pam_unix(cron:session): session closed for user root
Feb  8 20:58:03 prd-ubuntu1804-docker-4c-4g-1228 sshd[1794]: Invalid user jenkins from 10.32.4.5 port 60450
Feb  8 20:58:03 prd-ubuntu1804-docker-4c-4g-1228 sshd[1794]: Received disconnect from 10.32.4.5 port 60450:11: Closed due to user request. [preauth]
Feb  8 20:58:03 prd-ubuntu1804-docker-4c-4g-1228 sshd[1794]: Disconnected from invalid user jenkins 10.32.4.5 port 60450 [preauth]
Feb  8 20:58:04 prd-ubuntu1804-docker-4c-4g-1228 useradd[1812]: new group: name=jenkins, GID=1001
Feb  8 20:58:04 prd-ubuntu1804-docker-4c-4g-1228 useradd[1812]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Feb  8 20:58:04 prd-ubuntu1804-docker-4c-4g-1228 usermod[1819]: add 'jenkins' to group 'docker'
Feb  8 20:58:04 prd-ubuntu1804-docker-4c-4g-1228 usermod[1819]: add 'jenkins' to shadow group 'docker'
Feb  8 20:58:05 prd-ubuntu1804-docker-4c-4g-1228 sshd[1853]: Accepted publickey for jenkins from 10.32.4.5 port 60452 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Feb  8 20:58:05 prd-ubuntu1804-docker-4c-4g-1228 sshd[1853]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Feb  8 20:58:05 prd-ubuntu1804-docker-4c-4g-1228 systemd-logind[974]: New session 2 of user jenkins.
Feb  8 20:58:05 prd-ubuntu1804-docker-4c-4g-1228 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Feb  8 20:59:01 prd-ubuntu1804-docker-4c-4g-1228 CRON[3003]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 20:59:01 prd-ubuntu1804-docker-4c-4g-1228 CRON[3003]: pam_unix(cron:session): session closed for user root
Feb  8 21:00:01 prd-ubuntu1804-docker-4c-4g-1228 CRON[3838]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  8 21:00:01 prd-ubuntu1804-docker-4c-4g-1228 CRON[3838]: pam_unix(cron:session): session closed for user root
Feb  8 21:00:19 prd-ubuntu1804-docker-4c-4g-1228 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Feb  8 21:00:19 prd-ubuntu1804-docker-4c-4g-1228 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)