Jan  2 20:57:39 prd-ubuntu1804-docker-4c-4g-774 passwd[933]: password for 'ubuntu' changed by 'root'
Jan  2 20:57:39 prd-ubuntu1804-docker-4c-4g-774 systemd-logind[998]: Watching system buttons on /dev/input/event0 (Power Button)
Jan  2 20:57:39 prd-ubuntu1804-docker-4c-4g-774 systemd-logind[998]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Jan  2 20:57:39 prd-ubuntu1804-docker-4c-4g-774 systemd-logind[998]: New seat seat0.
Jan  2 20:57:39 prd-ubuntu1804-docker-4c-4g-774 sshd[1089]: Server listening on 0.0.0.0 port 22.
Jan  2 20:57:39 prd-ubuntu1804-docker-4c-4g-774 sshd[1089]: Server listening on :: port 22.
Jan  2 20:57:41 prd-ubuntu1804-docker-4c-4g-774 sshd[1442]: Did not receive identification string from 10.32.4.5 port 35778
Jan  2 20:57:48 prd-ubuntu1804-docker-4c-4g-774 sshd[1509]: Invalid user jenkins from 10.32.4.5 port 35782
Jan  2 20:57:48 prd-ubuntu1804-docker-4c-4g-774 sshd[1509]: Received disconnect from 10.32.4.5 port 35782:11: Closed due to user request. [preauth]
Jan  2 20:57:48 prd-ubuntu1804-docker-4c-4g-774 sshd[1509]: Disconnected from invalid user jenkins 10.32.4.5 port 35782 [preauth]
Jan  2 20:57:50 prd-ubuntu1804-docker-4c-4g-774 sshd[1513]: Invalid user jenkins from 10.32.4.5 port 35784
Jan  2 20:57:50 prd-ubuntu1804-docker-4c-4g-774 sshd[1513]: Received disconnect from 10.32.4.5 port 35784:11: Closed due to user request. [preauth]
Jan  2 20:57:50 prd-ubuntu1804-docker-4c-4g-774 sshd[1513]: Disconnected from invalid user jenkins 10.32.4.5 port 35784 [preauth]
Jan  2 20:57:52 prd-ubuntu1804-docker-4c-4g-774 sshd[1515]: Invalid user jenkins from 10.32.4.5 port 35792
Jan  2 20:57:52 prd-ubuntu1804-docker-4c-4g-774 sshd[1515]: Received disconnect from 10.32.4.5 port 35792:11: Closed due to user request. [preauth]
Jan  2 20:57:52 prd-ubuntu1804-docker-4c-4g-774 sshd[1515]: Disconnected from invalid user jenkins 10.32.4.5 port 35792 [preauth]
Jan  2 20:57:54 prd-ubuntu1804-docker-4c-4g-774 sshd[1517]: Invalid user jenkins from 10.32.4.5 port 35794
Jan  2 20:57:54 prd-ubuntu1804-docker-4c-4g-774 sshd[1517]: Received disconnect from 10.32.4.5 port 35794:11: Closed due to user request. [preauth]
Jan  2 20:57:54 prd-ubuntu1804-docker-4c-4g-774 sshd[1517]: Disconnected from invalid user jenkins 10.32.4.5 port 35794 [preauth]
Jan  2 20:57:56 prd-ubuntu1804-docker-4c-4g-774 sshd[1519]: Invalid user jenkins from 10.32.4.5 port 35798
Jan  2 20:57:56 prd-ubuntu1804-docker-4c-4g-774 sshd[1519]: Received disconnect from 10.32.4.5 port 35798:11: Closed due to user request. [preauth]
Jan  2 20:57:56 prd-ubuntu1804-docker-4c-4g-774 sshd[1519]: Disconnected from invalid user jenkins 10.32.4.5 port 35798 [preauth]
Jan  2 20:57:58 prd-ubuntu1804-docker-4c-4g-774 sshd[1521]: Invalid user jenkins from 10.32.4.5 port 35800
Jan  2 20:57:58 prd-ubuntu1804-docker-4c-4g-774 sshd[1521]: Received disconnect from 10.32.4.5 port 35800:11: Closed due to user request. [preauth]
Jan  2 20:57:58 prd-ubuntu1804-docker-4c-4g-774 sshd[1521]: Disconnected from invalid user jenkins 10.32.4.5 port 35800 [preauth]
Jan  2 20:58:00 prd-ubuntu1804-docker-4c-4g-774 sshd[1532]: Invalid user jenkins from 10.32.4.5 port 35804
Jan  2 20:58:00 prd-ubuntu1804-docker-4c-4g-774 sshd[1532]: Received disconnect from 10.32.4.5 port 35804:11: Closed due to user request. [preauth]
Jan  2 20:58:00 prd-ubuntu1804-docker-4c-4g-774 sshd[1532]: Disconnected from invalid user jenkins 10.32.4.5 port 35804 [preauth]
Jan  2 20:58:01 prd-ubuntu1804-docker-4c-4g-774 CRON[1560]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  2 20:58:01 prd-ubuntu1804-docker-4c-4g-774 CRON[1560]: pam_unix(cron:session): session closed for user root
Jan  2 20:58:03 prd-ubuntu1804-docker-4c-4g-774 sshd[1757]: Invalid user jenkins from 10.32.4.5 port 35806
Jan  2 20:58:03 prd-ubuntu1804-docker-4c-4g-774 sshd[1757]: Received disconnect from 10.32.4.5 port 35806:11: Closed due to user request. [preauth]
Jan  2 20:58:03 prd-ubuntu1804-docker-4c-4g-774 sshd[1757]: Disconnected from invalid user jenkins 10.32.4.5 port 35806 [preauth]
Jan  2 20:58:05 prd-ubuntu1804-docker-4c-4g-774 sshd[1808]: Invalid user jenkins from 10.32.4.5 port 35808
Jan  2 20:58:05 prd-ubuntu1804-docker-4c-4g-774 sshd[1808]: Received disconnect from 10.32.4.5 port 35808:11: Closed due to user request. [preauth]
Jan  2 20:58:05 prd-ubuntu1804-docker-4c-4g-774 sshd[1808]: Disconnected from invalid user jenkins 10.32.4.5 port 35808 [preauth]
Jan  2 20:58:07 prd-ubuntu1804-docker-4c-4g-774 sshd[1814]: Invalid user jenkins from 10.32.4.5 port 35810
Jan  2 20:58:07 prd-ubuntu1804-docker-4c-4g-774 sshd[1814]: Received disconnect from 10.32.4.5 port 35810:11: Closed due to user request. [preauth]
Jan  2 20:58:07 prd-ubuntu1804-docker-4c-4g-774 sshd[1814]: Disconnected from invalid user jenkins 10.32.4.5 port 35810 [preauth]
Jan  2 20:58:08 prd-ubuntu1804-docker-4c-4g-774 useradd[1830]: new group: name=jenkins, GID=1001
Jan  2 20:58:08 prd-ubuntu1804-docker-4c-4g-774 useradd[1830]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Jan  2 20:58:08 prd-ubuntu1804-docker-4c-4g-774 usermod[1837]: add 'jenkins' to group 'docker'
Jan  2 20:58:08 prd-ubuntu1804-docker-4c-4g-774 usermod[1837]: add 'jenkins' to shadow group 'docker'
Jan  2 20:58:09 prd-ubuntu1804-docker-4c-4g-774 sshd[1878]: Accepted publickey for jenkins from 10.32.4.5 port 35812 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Jan  2 20:58:09 prd-ubuntu1804-docker-4c-4g-774 sshd[1878]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Jan  2 20:58:09 prd-ubuntu1804-docker-4c-4g-774 systemd-logind[998]: New session 2 of user jenkins.
Jan  2 20:58:09 prd-ubuntu1804-docker-4c-4g-774 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Jan  2 20:59:02 prd-ubuntu1804-docker-4c-4g-774 CRON[2820]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  2 20:59:02 prd-ubuntu1804-docker-4c-4g-774 CRON[2820]: pam_unix(cron:session): session closed for user root
Jan  2 21:00:01 prd-ubuntu1804-docker-4c-4g-774 CRON[3792]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan  2 21:00:01 prd-ubuntu1804-docker-4c-4g-774 CRON[3792]: pam_unix(cron:session): session closed for user root
Jan  2 21:00:02 prd-ubuntu1804-docker-4c-4g-774 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Jan  2 21:00:02 prd-ubuntu1804-docker-4c-4g-774 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)