Apr  3 20:57:40 prd-ubuntu1804-docker-4c-4g-4270 passwd[945]: password for 'ubuntu' changed by 'root'
Apr  3 20:57:40 prd-ubuntu1804-docker-4c-4g-4270 systemd-logind[980]: Watching system buttons on /dev/input/event0 (Power Button)
Apr  3 20:57:40 prd-ubuntu1804-docker-4c-4g-4270 systemd-logind[980]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Apr  3 20:57:40 prd-ubuntu1804-docker-4c-4g-4270 systemd-logind[980]: New seat seat0.
Apr  3 20:57:41 prd-ubuntu1804-docker-4c-4g-4270 sshd[1249]: Server listening on 0.0.0.0 port 22.
Apr  3 20:57:41 prd-ubuntu1804-docker-4c-4g-4270 sshd[1249]: Server listening on :: port 22.
Apr  3 20:57:44 prd-ubuntu1804-docker-4c-4g-4270 sshd[1474]: Did not receive identification string from 10.32.4.5 port 35180
Apr  3 20:57:52 prd-ubuntu1804-docker-4c-4g-4270 sshd[1534]: Invalid user jenkins from 10.32.4.5 port 35184
Apr  3 20:57:52 prd-ubuntu1804-docker-4c-4g-4270 sshd[1534]: Received disconnect from 10.32.4.5 port 35184:11: Closed due to user request. [preauth]
Apr  3 20:57:52 prd-ubuntu1804-docker-4c-4g-4270 sshd[1534]: Disconnected from invalid user jenkins 10.32.4.5 port 35184 [preauth]
Apr  3 20:57:54 prd-ubuntu1804-docker-4c-4g-4270 sshd[1538]: Invalid user jenkins from 10.32.4.5 port 35186
Apr  3 20:57:54 prd-ubuntu1804-docker-4c-4g-4270 sshd[1538]: Received disconnect from 10.32.4.5 port 35186:11: Closed due to user request. [preauth]
Apr  3 20:57:54 prd-ubuntu1804-docker-4c-4g-4270 sshd[1538]: Disconnected from invalid user jenkins 10.32.4.5 port 35186 [preauth]
Apr  3 20:57:56 prd-ubuntu1804-docker-4c-4g-4270 sshd[1540]: Invalid user jenkins from 10.32.4.5 port 35188
Apr  3 20:57:56 prd-ubuntu1804-docker-4c-4g-4270 sshd[1540]: Received disconnect from 10.32.4.5 port 35188:11: Closed due to user request. [preauth]
Apr  3 20:57:56 prd-ubuntu1804-docker-4c-4g-4270 sshd[1540]: Disconnected from invalid user jenkins 10.32.4.5 port 35188 [preauth]
Apr  3 20:57:58 prd-ubuntu1804-docker-4c-4g-4270 sshd[1542]: Invalid user jenkins from 10.32.4.5 port 35190
Apr  3 20:57:58 prd-ubuntu1804-docker-4c-4g-4270 sshd[1542]: Received disconnect from 10.32.4.5 port 35190:11: Closed due to user request. [preauth]
Apr  3 20:57:58 prd-ubuntu1804-docker-4c-4g-4270 sshd[1542]: Disconnected from invalid user jenkins 10.32.4.5 port 35190 [preauth]
Apr  3 20:58:00 prd-ubuntu1804-docker-4c-4g-4270 sshd[1544]: Invalid user jenkins from 10.32.4.5 port 35192
Apr  3 20:58:00 prd-ubuntu1804-docker-4c-4g-4270 sshd[1544]: Received disconnect from 10.32.4.5 port 35192:11: Closed due to user request. [preauth]
Apr  3 20:58:00 prd-ubuntu1804-docker-4c-4g-4270 sshd[1544]: Disconnected from invalid user jenkins 10.32.4.5 port 35192 [preauth]
Apr  3 20:58:01 prd-ubuntu1804-docker-4c-4g-4270 CRON[1547]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  3 20:58:01 prd-ubuntu1804-docker-4c-4g-4270 CRON[1547]: pam_unix(cron:session): session closed for user root
Apr  3 20:58:03 prd-ubuntu1804-docker-4c-4g-4270 sshd[1577]: Invalid user jenkins from 10.32.4.5 port 35194
Apr  3 20:58:03 prd-ubuntu1804-docker-4c-4g-4270 sshd[1577]: Received disconnect from 10.32.4.5 port 35194:11: Closed due to user request. [preauth]
Apr  3 20:58:03 prd-ubuntu1804-docker-4c-4g-4270 sshd[1577]: Disconnected from invalid user jenkins 10.32.4.5 port 35194 [preauth]
Apr  3 20:58:05 prd-ubuntu1804-docker-4c-4g-4270 sshd[1793]: Invalid user jenkins from 10.32.4.5 port 35198
Apr  3 20:58:06 prd-ubuntu1804-docker-4c-4g-4270 sshd[1793]: Received disconnect from 10.32.4.5 port 35198:11: Closed due to user request. [preauth]
Apr  3 20:58:06 prd-ubuntu1804-docker-4c-4g-4270 sshd[1793]: Disconnected from invalid user jenkins 10.32.4.5 port 35198 [preauth]
Apr  3 20:58:08 prd-ubuntu1804-docker-4c-4g-4270 sshd[1834]: Invalid user jenkins from 10.32.4.5 port 35200
Apr  3 20:58:08 prd-ubuntu1804-docker-4c-4g-4270 sshd[1834]: Received disconnect from 10.32.4.5 port 35200:11: Closed due to user request. [preauth]
Apr  3 20:58:08 prd-ubuntu1804-docker-4c-4g-4270 sshd[1834]: Disconnected from invalid user jenkins 10.32.4.5 port 35200 [preauth]
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 sshd[1851]: Invalid user jenkins from 10.32.4.5 port 35204
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 useradd[1854]: new group: name=jenkins, GID=1001
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 useradd[1854]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 sshd[1851]: Received disconnect from 10.32.4.5 port 35204:11: Closed due to user request. [preauth]
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 sshd[1851]: Disconnected from invalid user jenkins 10.32.4.5 port 35204 [preauth]
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 usermod[1861]: add 'jenkins' to group 'docker'
Apr  3 20:58:10 prd-ubuntu1804-docker-4c-4g-4270 usermod[1861]: add 'jenkins' to shadow group 'docker'
Apr  3 20:58:12 prd-ubuntu1804-docker-4c-4g-4270 sshd[1904]: Accepted publickey for jenkins from 10.32.4.5 port 35212 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Apr  3 20:58:12 prd-ubuntu1804-docker-4c-4g-4270 sshd[1904]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Apr  3 20:58:12 prd-ubuntu1804-docker-4c-4g-4270 systemd-logind[980]: New session 2 of user jenkins.
Apr  3 20:58:12 prd-ubuntu1804-docker-4c-4g-4270 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Apr  3 20:59:02 prd-ubuntu1804-docker-4c-4g-4270 CRON[2844]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  3 20:59:02 prd-ubuntu1804-docker-4c-4g-4270 CRON[2844]: pam_unix(cron:session): session closed for user root
Apr  3 21:00:01 prd-ubuntu1804-docker-4c-4g-4270 CRON[3820]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr  3 21:00:01 prd-ubuntu1804-docker-4c-4g-4270 CRON[3820]: pam_unix(cron:session): session closed for user root
Apr  3 21:00:07 prd-ubuntu1804-docker-4c-4g-4270 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Apr  3 21:00:07 prd-ubuntu1804-docker-4c-4g-4270 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)