Sep 19 20:57:40 prd-ubuntu1804-docker-4c-4g-5499 passwd[939]: password for 'ubuntu' changed by 'root'
Sep 19 20:57:40 prd-ubuntu1804-docker-4c-4g-5499 systemd-logind[1015]: Watching system buttons on /dev/input/event0 (Power Button)
Sep 19 20:57:40 prd-ubuntu1804-docker-4c-4g-5499 systemd-logind[1015]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep 19 20:57:40 prd-ubuntu1804-docker-4c-4g-5499 systemd-logind[1015]: New seat seat0.
Sep 19 20:57:40 prd-ubuntu1804-docker-4c-4g-5499 sshd[1142]: Server listening on 0.0.0.0 port 22.
Sep 19 20:57:40 prd-ubuntu1804-docker-4c-4g-5499 sshd[1142]: Server listening on :: port 22.
Sep 19 20:57:44 prd-ubuntu1804-docker-4c-4g-5499 sshd[1480]: Did not receive identification string from 10.32.4.5 port 36926
Sep 19 20:57:50 prd-ubuntu1804-docker-4c-4g-5499 sshd[1546]: Invalid user jenkins from 10.32.4.5 port 36940
Sep 19 20:57:50 prd-ubuntu1804-docker-4c-4g-5499 sshd[1546]: Received disconnect from 10.32.4.5 port 36940:11: Closed due to user request. [preauth]
Sep 19 20:57:50 prd-ubuntu1804-docker-4c-4g-5499 sshd[1546]: Disconnected from invalid user jenkins 10.32.4.5 port 36940 [preauth]
Sep 19 20:57:52 prd-ubuntu1804-docker-4c-4g-5499 sshd[1550]: Invalid user jenkins from 10.32.4.5 port 36944
Sep 19 20:57:52 prd-ubuntu1804-docker-4c-4g-5499 sshd[1550]: Received disconnect from 10.32.4.5 port 36944:11: Closed due to user request. [preauth]
Sep 19 20:57:52 prd-ubuntu1804-docker-4c-4g-5499 sshd[1550]: Disconnected from invalid user jenkins 10.32.4.5 port 36944 [preauth]
Sep 19 20:57:54 prd-ubuntu1804-docker-4c-4g-5499 sshd[1552]: Invalid user jenkins from 10.32.4.5 port 36946
Sep 19 20:57:55 prd-ubuntu1804-docker-4c-4g-5499 sshd[1552]: Received disconnect from 10.32.4.5 port 36946:11: Closed due to user request. [preauth]
Sep 19 20:57:55 prd-ubuntu1804-docker-4c-4g-5499 sshd[1552]: Disconnected from invalid user jenkins 10.32.4.5 port 36946 [preauth]
Sep 19 20:57:57 prd-ubuntu1804-docker-4c-4g-5499 sshd[1554]: Invalid user jenkins from 10.32.4.5 port 36948
Sep 19 20:57:57 prd-ubuntu1804-docker-4c-4g-5499 sshd[1554]: Received disconnect from 10.32.4.5 port 36948:11: Closed due to user request. [preauth]
Sep 19 20:57:57 prd-ubuntu1804-docker-4c-4g-5499 sshd[1554]: Disconnected from invalid user jenkins 10.32.4.5 port 36948 [preauth]
Sep 19 20:57:59 prd-ubuntu1804-docker-4c-4g-5499 sshd[1556]: Invalid user jenkins from 10.32.4.5 port 36950
Sep 19 20:57:59 prd-ubuntu1804-docker-4c-4g-5499 sshd[1556]: Received disconnect from 10.32.4.5 port 36950:11: Closed due to user request. [preauth]
Sep 19 20:57:59 prd-ubuntu1804-docker-4c-4g-5499 sshd[1556]: Disconnected from invalid user jenkins 10.32.4.5 port 36950 [preauth]
Sep 19 20:58:01 prd-ubuntu1804-docker-4c-4g-5499 sshd[1558]: Invalid user jenkins from 10.32.4.5 port 36958
Sep 19 20:58:01 prd-ubuntu1804-docker-4c-4g-5499 sshd[1558]: Received disconnect from 10.32.4.5 port 36958:11: Closed due to user request. [preauth]
Sep 19 20:58:01 prd-ubuntu1804-docker-4c-4g-5499 sshd[1558]: Disconnected from invalid user jenkins 10.32.4.5 port 36958 [preauth]
Sep 19 20:58:02 prd-ubuntu1804-docker-4c-4g-5499 CRON[1570]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 19 20:58:02 prd-ubuntu1804-docker-4c-4g-5499 CRON[1570]: pam_unix(cron:session): session closed for user root
Sep 19 20:58:03 prd-ubuntu1804-docker-4c-4g-5499 sshd[1733]: Invalid user jenkins from 10.32.4.5 port 36960
Sep 19 20:58:03 prd-ubuntu1804-docker-4c-4g-5499 sshd[1733]: Received disconnect from 10.32.4.5 port 36960:11: Closed due to user request. [preauth]
Sep 19 20:58:03 prd-ubuntu1804-docker-4c-4g-5499 sshd[1733]: Disconnected from invalid user jenkins 10.32.4.5 port 36960 [preauth]
Sep 19 20:58:05 prd-ubuntu1804-docker-4c-4g-5499 sshd[1830]: Invalid user jenkins from 10.32.4.5 port 36962
Sep 19 20:58:06 prd-ubuntu1804-docker-4c-4g-5499 sshd[1830]: Received disconnect from 10.32.4.5 port 36962:11: Closed due to user request. [preauth]
Sep 19 20:58:06 prd-ubuntu1804-docker-4c-4g-5499 sshd[1830]: Disconnected from invalid user jenkins 10.32.4.5 port 36962 [preauth]
Sep 19 20:58:08 prd-ubuntu1804-docker-4c-4g-5499 sshd[1849]: Invalid user jenkins from 10.32.4.5 port 36964
Sep 19 20:58:08 prd-ubuntu1804-docker-4c-4g-5499 sshd[1849]: Received disconnect from 10.32.4.5 port 36964:11: Closed due to user request. [preauth]
Sep 19 20:58:08 prd-ubuntu1804-docker-4c-4g-5499 sshd[1849]: Disconnected from invalid user jenkins 10.32.4.5 port 36964 [preauth]
Sep 19 20:58:09 prd-ubuntu1804-docker-4c-4g-5499 useradd[1867]: new group: name=jenkins, GID=1001
Sep 19 20:58:09 prd-ubuntu1804-docker-4c-4g-5499 useradd[1867]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep 19 20:58:09 prd-ubuntu1804-docker-4c-4g-5499 usermod[1874]: add 'jenkins' to group 'docker'
Sep 19 20:58:09 prd-ubuntu1804-docker-4c-4g-5499 usermod[1874]: add 'jenkins' to shadow group 'docker'
Sep 19 20:58:10 prd-ubuntu1804-docker-4c-4g-5499 sshd[1908]: Accepted publickey for jenkins from 10.32.4.5 port 36968 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Sep 19 20:58:10 prd-ubuntu1804-docker-4c-4g-5499 sshd[1908]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep 19 20:58:10 prd-ubuntu1804-docker-4c-4g-5499 systemd-logind[1015]: New session 2 of user jenkins.
Sep 19 20:58:10 prd-ubuntu1804-docker-4c-4g-5499 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep 19 20:59:01 prd-ubuntu1804-docker-4c-4g-5499 CRON[3028]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 19 20:59:01 prd-ubuntu1804-docker-4c-4g-5499 CRON[3028]: pam_unix(cron:session): session closed for user root
Sep 19 21:00:01 prd-ubuntu1804-docker-4c-4g-5499 CRON[4009]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 19 21:00:01 prd-ubuntu1804-docker-4c-4g-5499 CRON[4009]: pam_unix(cron:session): session closed for user root
Sep 19 21:00:05 prd-ubuntu1804-docker-4c-4g-5499 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep 19 21:00:05 prd-ubuntu1804-docker-4c-4g-5499 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)