Feb 27 20:57:42 prd-ubuntu1804-docker-4c-4g-1361 passwd[920]: password for 'ubuntu' changed by 'root'
Feb 27 20:57:42 prd-ubuntu1804-docker-4c-4g-1361 systemd-logind[1013]: Watching system buttons on /dev/input/event0 (Power Button)
Feb 27 20:57:42 prd-ubuntu1804-docker-4c-4g-1361 systemd-logind[1013]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Feb 27 20:57:42 prd-ubuntu1804-docker-4c-4g-1361 systemd-logind[1013]: New seat seat0.
Feb 27 20:57:42 prd-ubuntu1804-docker-4c-4g-1361 sshd[1204]: Server listening on 0.0.0.0 port 22.
Feb 27 20:57:42 prd-ubuntu1804-docker-4c-4g-1361 sshd[1204]: Server listening on :: port 22.
Feb 27 20:57:45 prd-ubuntu1804-docker-4c-4g-1361 sshd[1417]: Did not receive identification string from 10.32.4.5 port 43362
Feb 27 20:57:52 prd-ubuntu1804-docker-4c-4g-1361 sshd[1508]: Invalid user jenkins from 10.32.4.5 port 43366
Feb 27 20:57:52 prd-ubuntu1804-docker-4c-4g-1361 sshd[1508]: Received disconnect from 10.32.4.5 port 43366:11: Closed due to user request. [preauth]
Feb 27 20:57:52 prd-ubuntu1804-docker-4c-4g-1361 sshd[1508]: Disconnected from invalid user jenkins 10.32.4.5 port 43366 [preauth]
Feb 27 20:57:54 prd-ubuntu1804-docker-4c-4g-1361 sshd[1512]: Invalid user jenkins from 10.32.4.5 port 43368
Feb 27 20:57:54 prd-ubuntu1804-docker-4c-4g-1361 sshd[1512]: Received disconnect from 10.32.4.5 port 43368:11: Closed due to user request. [preauth]
Feb 27 20:57:54 prd-ubuntu1804-docker-4c-4g-1361 sshd[1512]: Disconnected from invalid user jenkins 10.32.4.5 port 43368 [preauth]
Feb 27 20:57:57 prd-ubuntu1804-docker-4c-4g-1361 sshd[1514]: Invalid user jenkins from 10.32.4.5 port 43370
Feb 27 20:57:57 prd-ubuntu1804-docker-4c-4g-1361 sshd[1514]: Received disconnect from 10.32.4.5 port 43370:11: Closed due to user request. [preauth]
Feb 27 20:57:57 prd-ubuntu1804-docker-4c-4g-1361 sshd[1514]: Disconnected from invalid user jenkins 10.32.4.5 port 43370 [preauth]
Feb 27 20:57:59 prd-ubuntu1804-docker-4c-4g-1361 sshd[1516]: Invalid user jenkins from 10.32.4.5 port 43372
Feb 27 20:57:59 prd-ubuntu1804-docker-4c-4g-1361 sshd[1516]: Received disconnect from 10.32.4.5 port 43372:11: Closed due to user request. [preauth]
Feb 27 20:57:59 prd-ubuntu1804-docker-4c-4g-1361 sshd[1516]: Disconnected from invalid user jenkins 10.32.4.5 port 43372 [preauth]
Feb 27 20:58:01 prd-ubuntu1804-docker-4c-4g-1361 sshd[1518]: Invalid user jenkins from 10.32.4.5 port 43374
Feb 27 20:58:01 prd-ubuntu1804-docker-4c-4g-1361 sshd[1518]: Received disconnect from 10.32.4.5 port 43374:11: Closed due to user request. [preauth]
Feb 27 20:58:01 prd-ubuntu1804-docker-4c-4g-1361 sshd[1518]: Disconnected from invalid user jenkins 10.32.4.5 port 43374 [preauth]
Feb 27 20:58:01 prd-ubuntu1804-docker-4c-4g-1361 CRON[1521]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 27 20:58:01 prd-ubuntu1804-docker-4c-4g-1361 CRON[1521]: pam_unix(cron:session): session closed for user root
Feb 27 20:58:03 prd-ubuntu1804-docker-4c-4g-1361 sshd[1528]: Invalid user jenkins from 10.32.4.5 port 43376
Feb 27 20:58:03 prd-ubuntu1804-docker-4c-4g-1361 sshd[1528]: Received disconnect from 10.32.4.5 port 43376:11: Closed due to user request. [preauth]
Feb 27 20:58:03 prd-ubuntu1804-docker-4c-4g-1361 sshd[1528]: Disconnected from invalid user jenkins 10.32.4.5 port 43376 [preauth]
Feb 27 20:58:05 prd-ubuntu1804-docker-4c-4g-1361 sshd[1730]: Invalid user jenkins from 10.32.4.5 port 43380
Feb 27 20:58:06 prd-ubuntu1804-docker-4c-4g-1361 sshd[1730]: Received disconnect from 10.32.4.5 port 43380:11: Closed due to user request. [preauth]
Feb 27 20:58:06 prd-ubuntu1804-docker-4c-4g-1361 sshd[1730]: Disconnected from invalid user jenkins 10.32.4.5 port 43380 [preauth]
Feb 27 20:58:08 prd-ubuntu1804-docker-4c-4g-1361 sshd[1785]: Invalid user jenkins from 10.32.4.5 port 43382
Feb 27 20:58:08 prd-ubuntu1804-docker-4c-4g-1361 sshd[1785]: Received disconnect from 10.32.4.5 port 43382:11: Closed due to user request. [preauth]
Feb 27 20:58:08 prd-ubuntu1804-docker-4c-4g-1361 sshd[1785]: Disconnected from invalid user jenkins 10.32.4.5 port 43382 [preauth]
Feb 27 20:58:10 prd-ubuntu1804-docker-4c-4g-1361 sshd[1804]: Invalid user jenkins from 10.32.4.5 port 43384
Feb 27 20:58:10 prd-ubuntu1804-docker-4c-4g-1361 sshd[1804]: Received disconnect from 10.32.4.5 port 43384:11: Closed due to user request. [preauth]
Feb 27 20:58:10 prd-ubuntu1804-docker-4c-4g-1361 sshd[1804]: Disconnected from invalid user jenkins 10.32.4.5 port 43384 [preauth]
Feb 27 20:58:11 prd-ubuntu1804-docker-4c-4g-1361 useradd[1820]: new group: name=jenkins, GID=1001
Feb 27 20:58:11 prd-ubuntu1804-docker-4c-4g-1361 useradd[1820]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Feb 27 20:58:11 prd-ubuntu1804-docker-4c-4g-1361 usermod[1827]: add 'jenkins' to group 'docker'
Feb 27 20:58:11 prd-ubuntu1804-docker-4c-4g-1361 usermod[1827]: add 'jenkins' to shadow group 'docker'
Feb 27 20:58:12 prd-ubuntu1804-docker-4c-4g-1361 sshd[1861]: Accepted publickey for jenkins from 10.32.4.5 port 43392 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Feb 27 20:58:12 prd-ubuntu1804-docker-4c-4g-1361 sshd[1861]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Feb 27 20:58:12 prd-ubuntu1804-docker-4c-4g-1361 systemd-logind[1013]: New session 2 of user jenkins.
Feb 27 20:58:12 prd-ubuntu1804-docker-4c-4g-1361 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Feb 27 20:59:02 prd-ubuntu1804-docker-4c-4g-1361 CRON[2799]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 27 20:59:02 prd-ubuntu1804-docker-4c-4g-1361 CRON[2799]: pam_unix(cron:session): session closed for user root
Feb 27 21:00:01 prd-ubuntu1804-docker-4c-4g-1361 CRON[3773]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 27 21:00:01 prd-ubuntu1804-docker-4c-4g-1361 CRON[3773]: pam_unix(cron:session): session closed for user root
Feb 27 21:00:05 prd-ubuntu1804-docker-4c-4g-1361 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Feb 27 21:00:05 prd-ubuntu1804-docker-4c-4g-1361 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)