May 8 20:57:42 prd-ubuntu1804-docker-4c-4g-535 passwd[911]: password for 'ubuntu' changed by 'root'
May 8 20:57:42 prd-ubuntu1804-docker-4c-4g-535 systemd-logind[938]: Watching system buttons on /dev/input/event0 (Power Button)
May 8 20:57:42 prd-ubuntu1804-docker-4c-4g-535 systemd-logind[938]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
May 8 20:57:42 prd-ubuntu1804-docker-4c-4g-535 systemd-logind[938]: New seat seat0.
May 8 20:57:42 prd-ubuntu1804-docker-4c-4g-535 sshd[1204]: Server listening on 0.0.0.0 port 22.
May 8 20:57:42 prd-ubuntu1804-docker-4c-4g-535 sshd[1204]: Server listening on :: port 22.
May 8 20:57:46 prd-ubuntu1804-docker-4c-4g-535 sshd[1420]: Did not receive identification string from 10.32.4.5 port 45672
May 8 20:57:55 prd-ubuntu1804-docker-4c-4g-535 sshd[1482]: Invalid user jenkins from 10.32.4.5 port 45680
May 8 20:57:55 prd-ubuntu1804-docker-4c-4g-535 sshd[1482]: Received disconnect from 10.32.4.5 port 45680:11: Closed due to user request. [preauth]
May 8 20:57:55 prd-ubuntu1804-docker-4c-4g-535 sshd[1482]: Disconnected from invalid user jenkins 10.32.4.5 port 45680 [preauth]
May 8 20:57:57 prd-ubuntu1804-docker-4c-4g-535 sshd[1486]: Invalid user jenkins from 10.32.4.5 port 45682
May 8 20:57:57 prd-ubuntu1804-docker-4c-4g-535 sshd[1486]: Received disconnect from 10.32.4.5 port 45682:11: Closed due to user request. [preauth]
May 8 20:57:57 prd-ubuntu1804-docker-4c-4g-535 sshd[1486]: Disconnected from invalid user jenkins 10.32.4.5 port 45682 [preauth]
May 8 20:57:59 prd-ubuntu1804-docker-4c-4g-535 sshd[1488]: Invalid user jenkins from 10.32.4.5 port 45684
May 8 20:57:59 prd-ubuntu1804-docker-4c-4g-535 sshd[1488]: Received disconnect from 10.32.4.5 port 45684:11: Closed due to user request. [preauth]
May 8 20:57:59 prd-ubuntu1804-docker-4c-4g-535 sshd[1488]: Disconnected from invalid user jenkins 10.32.4.5 port 45684 [preauth]
May 8 20:58:01 prd-ubuntu1804-docker-4c-4g-535 sshd[1490]: Invalid user jenkins from 10.32.4.5 port 45686
May 8 20:58:01 prd-ubuntu1804-docker-4c-4g-535 CRON[1492]: pam_unix(cron:session): session opened for user root by (uid=0)
May 8 20:58:01 prd-ubuntu1804-docker-4c-4g-535 sshd[1490]: Received disconnect from 10.32.4.5 port 45686:11: Closed due to user request. [preauth]
May 8 20:58:01 prd-ubuntu1804-docker-4c-4g-535 sshd[1490]: Disconnected from invalid user jenkins 10.32.4.5 port 45686 [preauth]
May 8 20:58:01 prd-ubuntu1804-docker-4c-4g-535 CRON[1492]: pam_unix(cron:session): session closed for user root
May 8 20:58:03 prd-ubuntu1804-docker-4c-4g-535 sshd[1509]: Invalid user jenkins from 10.32.4.5 port 45690
May 8 20:58:04 prd-ubuntu1804-docker-4c-4g-535 sshd[1509]: Received disconnect from 10.32.4.5 port 45690:11: Closed due to user request. [preauth]
May 8 20:58:04 prd-ubuntu1804-docker-4c-4g-535 sshd[1509]: Disconnected from invalid user jenkins 10.32.4.5 port 45690 [preauth]
May 8 20:58:06 prd-ubuntu1804-docker-4c-4g-535 sshd[1739]: Invalid user jenkins from 10.32.4.5 port 45692
May 8 20:58:06 prd-ubuntu1804-docker-4c-4g-535 sshd[1739]: Received disconnect from 10.32.4.5 port 45692:11: Closed due to user request. [preauth]
May 8 20:58:06 prd-ubuntu1804-docker-4c-4g-535 sshd[1739]: Disconnected from invalid user jenkins 10.32.4.5 port 45692 [preauth]
May 8 20:58:08 prd-ubuntu1804-docker-4c-4g-535 sshd[1779]: Invalid user jenkins from 10.32.4.5 port 45694
May 8 20:58:08 prd-ubuntu1804-docker-4c-4g-535 sshd[1779]: Received disconnect from 10.32.4.5 port 45694:11: Closed due to user request. [preauth]
May 8 20:58:08 prd-ubuntu1804-docker-4c-4g-535 sshd[1779]: Disconnected from invalid user jenkins 10.32.4.5 port 45694 [preauth]
May 8 20:58:10 prd-ubuntu1804-docker-4c-4g-535 sshd[1791]: Invalid user jenkins from 10.32.4.5 port 45698
May 8 20:58:10 prd-ubuntu1804-docker-4c-4g-535 sshd[1791]: Received disconnect from 10.32.4.5 port 45698:11: Closed due to user request. [preauth]
May 8 20:58:10 prd-ubuntu1804-docker-4c-4g-535 sshd[1791]: Disconnected from invalid user jenkins 10.32.4.5 port 45698 [preauth]
May 8 20:58:11 prd-ubuntu1804-docker-4c-4g-535 useradd[1799]: new group: name=jenkins, GID=1001
May 8 20:58:11 prd-ubuntu1804-docker-4c-4g-535 useradd[1799]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
May 8 20:58:11 prd-ubuntu1804-docker-4c-4g-535 usermod[1806]: add 'jenkins' to group 'docker'
May 8 20:58:11 prd-ubuntu1804-docker-4c-4g-535 usermod[1806]: add 'jenkins' to shadow group 'docker'
May 8 20:58:12 prd-ubuntu1804-docker-4c-4g-535 sshd[1848]: Accepted publickey for jenkins from 10.32.4.5 port 45708 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
May 8 20:58:12 prd-ubuntu1804-docker-4c-4g-535 sshd[1848]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
May 8 20:58:12 prd-ubuntu1804-docker-4c-4g-535 systemd-logind[938]: New session 2 of user jenkins.
May 8 20:58:12 prd-ubuntu1804-docker-4c-4g-535 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
May 8 20:59:02 prd-ubuntu1804-docker-4c-4g-535 CRON[2789]: pam_unix(cron:session): session opened for user root by (uid=0)
May 8 20:59:02 prd-ubuntu1804-docker-4c-4g-535 CRON[2789]: pam_unix(cron:session): session closed for user root
May 8 21:00:01 prd-ubuntu1804-docker-4c-4g-535 CRON[3607]: pam_unix(cron:session): session opened for user root by (uid=0)
May 8 21:00:01 prd-ubuntu1804-docker-4c-4g-535 CRON[3607]: pam_unix(cron:session): session closed for user root
May 8 21:00:18 prd-ubuntu1804-docker-4c-4g-535 sudo: jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
May 8 21:00:18 prd-ubuntu1804-docker-4c-4g-535 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)