May  9 20:58:39 prd-ubuntu1804-docker-4c-4g-570 passwd[939]: password for 'ubuntu' changed by 'root'
May  9 20:58:39 prd-ubuntu1804-docker-4c-4g-570 systemd-logind[1016]: Watching system buttons on /dev/input/event0 (Power Button)
May  9 20:58:39 prd-ubuntu1804-docker-4c-4g-570 systemd-logind[1016]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
May  9 20:58:39 prd-ubuntu1804-docker-4c-4g-570 systemd-logind[1016]: New seat seat0.
May  9 20:58:40 prd-ubuntu1804-docker-4c-4g-570 sshd[1247]: Server listening on 0.0.0.0 port 22.
May  9 20:58:40 prd-ubuntu1804-docker-4c-4g-570 sshd[1247]: Server listening on :: port 22.
May  9 20:58:44 prd-ubuntu1804-docker-4c-4g-570 sshd[1448]: Did not receive identification string from 10.32.4.5 port 41866
May  9 20:58:51 prd-ubuntu1804-docker-4c-4g-570 sshd[1508]: Invalid user jenkins from 10.32.4.5 port 41874
May  9 20:58:51 prd-ubuntu1804-docker-4c-4g-570 sshd[1508]: Received disconnect from 10.32.4.5 port 41874:11: Closed due to user request. [preauth]
May  9 20:58:51 prd-ubuntu1804-docker-4c-4g-570 sshd[1508]: Disconnected from invalid user jenkins 10.32.4.5 port 41874 [preauth]
May  9 20:58:53 prd-ubuntu1804-docker-4c-4g-570 sshd[1512]: Invalid user jenkins from 10.32.4.5 port 41876
May  9 20:58:53 prd-ubuntu1804-docker-4c-4g-570 sshd[1512]: Received disconnect from 10.32.4.5 port 41876:11: Closed due to user request. [preauth]
May  9 20:58:53 prd-ubuntu1804-docker-4c-4g-570 sshd[1512]: Disconnected from invalid user jenkins 10.32.4.5 port 41876 [preauth]
May  9 20:58:55 prd-ubuntu1804-docker-4c-4g-570 sshd[1514]: Invalid user jenkins from 10.32.4.5 port 41878
May  9 20:58:55 prd-ubuntu1804-docker-4c-4g-570 sshd[1514]: Received disconnect from 10.32.4.5 port 41878:11: Closed due to user request. [preauth]
May  9 20:58:55 prd-ubuntu1804-docker-4c-4g-570 sshd[1514]: Disconnected from invalid user jenkins 10.32.4.5 port 41878 [preauth]
May  9 20:58:57 prd-ubuntu1804-docker-4c-4g-570 sshd[1516]: Invalid user jenkins from 10.32.4.5 port 41880
May  9 20:58:57 prd-ubuntu1804-docker-4c-4g-570 sshd[1516]: Received disconnect from 10.32.4.5 port 41880:11: Closed due to user request. [preauth]
May  9 20:58:57 prd-ubuntu1804-docker-4c-4g-570 sshd[1516]: Disconnected from invalid user jenkins 10.32.4.5 port 41880 [preauth]
May  9 20:58:59 prd-ubuntu1804-docker-4c-4g-570 sshd[1518]: Invalid user jenkins from 10.32.4.5 port 41884
May  9 20:58:59 prd-ubuntu1804-docker-4c-4g-570 sshd[1518]: Received disconnect from 10.32.4.5 port 41884:11: Closed due to user request. [preauth]
May  9 20:58:59 prd-ubuntu1804-docker-4c-4g-570 sshd[1518]: Disconnected from invalid user jenkins 10.32.4.5 port 41884 [preauth]
May  9 20:59:01 prd-ubuntu1804-docker-4c-4g-570 CRON[1529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 20:59:01 prd-ubuntu1804-docker-4c-4g-570 CRON[1529]: pam_unix(cron:session): session closed for user root
May  9 20:59:01 prd-ubuntu1804-docker-4c-4g-570 sshd[1538]: Invalid user jenkins from 10.32.4.5 port 41886
May  9 20:59:01 prd-ubuntu1804-docker-4c-4g-570 sshd[1538]: Received disconnect from 10.32.4.5 port 41886:11: Closed due to user request. [preauth]
May  9 20:59:01 prd-ubuntu1804-docker-4c-4g-570 sshd[1538]: Disconnected from invalid user jenkins 10.32.4.5 port 41886 [preauth]
May  9 20:59:04 prd-ubuntu1804-docker-4c-4g-570 sshd[1745]: Invalid user jenkins from 10.32.4.5 port 41888
May  9 20:59:04 prd-ubuntu1804-docker-4c-4g-570 sshd[1745]: Received disconnect from 10.32.4.5 port 41888:11: Closed due to user request. [preauth]
May  9 20:59:04 prd-ubuntu1804-docker-4c-4g-570 sshd[1745]: Disconnected from invalid user jenkins 10.32.4.5 port 41888 [preauth]
May  9 20:59:06 prd-ubuntu1804-docker-4c-4g-570 sshd[1798]: Invalid user jenkins from 10.32.4.5 port 41890
May  9 20:59:06 prd-ubuntu1804-docker-4c-4g-570 sshd[1798]: Received disconnect from 10.32.4.5 port 41890:11: Closed due to user request. [preauth]
May  9 20:59:06 prd-ubuntu1804-docker-4c-4g-570 sshd[1798]: Disconnected from invalid user jenkins 10.32.4.5 port 41890 [preauth]
May  9 20:59:08 prd-ubuntu1804-docker-4c-4g-570 sshd[1807]: Invalid user jenkins from 10.32.4.5 port 41892
May  9 20:59:08 prd-ubuntu1804-docker-4c-4g-570 sshd[1807]: Received disconnect from 10.32.4.5 port 41892:11: Closed due to user request. [preauth]
May  9 20:59:08 prd-ubuntu1804-docker-4c-4g-570 sshd[1807]: Disconnected from invalid user jenkins 10.32.4.5 port 41892 [preauth]
May  9 20:59:09 prd-ubuntu1804-docker-4c-4g-570 useradd[1823]: new group: name=jenkins, GID=1001
May  9 20:59:09 prd-ubuntu1804-docker-4c-4g-570 useradd[1823]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
May  9 20:59:09 prd-ubuntu1804-docker-4c-4g-570 usermod[1830]: add 'jenkins' to group 'docker'
May  9 20:59:09 prd-ubuntu1804-docker-4c-4g-570 usermod[1830]: add 'jenkins' to shadow group 'docker'
May  9 20:59:10 prd-ubuntu1804-docker-4c-4g-570 sshd[1870]: Accepted publickey for jenkins from 10.32.4.5 port 41894 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
May  9 20:59:10 prd-ubuntu1804-docker-4c-4g-570 sshd[1870]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
May  9 20:59:10 prd-ubuntu1804-docker-4c-4g-570 systemd-logind[1016]: New session 2 of user jenkins.
May  9 20:59:10 prd-ubuntu1804-docker-4c-4g-570 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
May  9 21:00:01 prd-ubuntu1804-docker-4c-4g-570 CRON[2813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 21:00:01 prd-ubuntu1804-docker-4c-4g-570 CRON[2813]: pam_unix(cron:session): session closed for user root
May  9 21:01:01 prd-ubuntu1804-docker-4c-4g-570 CRON[3456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 21:01:01 prd-ubuntu1804-docker-4c-4g-570 CRON[3456]: pam_unix(cron:session): session closed for user root
May  9 21:01:40 prd-ubuntu1804-docker-4c-4g-570 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
May  9 21:01:40 prd-ubuntu1804-docker-4c-4g-570 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)