Sep 11 20:58:21 prd-ubuntu1804-docker-4c-4g-3458 passwd[957]: password for 'ubuntu' changed by 'root'
Sep 11 20:58:21 prd-ubuntu1804-docker-4c-4g-3458 systemd-logind[1040]: Watching system buttons on /dev/input/event0 (Power Button)
Sep 11 20:58:21 prd-ubuntu1804-docker-4c-4g-3458 systemd-logind[1040]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Sep 11 20:58:21 prd-ubuntu1804-docker-4c-4g-3458 systemd-logind[1040]: New seat seat0.
Sep 11 20:58:22 prd-ubuntu1804-docker-4c-4g-3458 sshd[1282]: Server listening on 0.0.0.0 port 22.
Sep 11 20:58:22 prd-ubuntu1804-docker-4c-4g-3458 sshd[1282]: Server listening on :: port 22.
Sep 11 20:58:28 prd-ubuntu1804-docker-4c-4g-3458 sshd[1531]: Did not receive identification string from 10.32.4.5 port 47902
Sep 11 20:58:36 prd-ubuntu1804-docker-4c-4g-3458 sshd[1552]: Invalid user jenkins from 10.32.4.5 port 47912
Sep 11 20:58:36 prd-ubuntu1804-docker-4c-4g-3458 sshd[1552]: Received disconnect from 10.32.4.5 port 47912:11: Closed due to user request. [preauth]
Sep 11 20:58:36 prd-ubuntu1804-docker-4c-4g-3458 sshd[1552]: Disconnected from invalid user jenkins 10.32.4.5 port 47912 [preauth]
Sep 11 20:58:38 prd-ubuntu1804-docker-4c-4g-3458 sshd[1556]: Invalid user jenkins from 10.32.4.5 port 47916
Sep 11 20:58:38 prd-ubuntu1804-docker-4c-4g-3458 sshd[1556]: Received disconnect from 10.32.4.5 port 47916:11: Closed due to user request. [preauth]
Sep 11 20:58:38 prd-ubuntu1804-docker-4c-4g-3458 sshd[1556]: Disconnected from invalid user jenkins 10.32.4.5 port 47916 [preauth]
Sep 11 20:58:40 prd-ubuntu1804-docker-4c-4g-3458 sshd[1558]: Invalid user jenkins from 10.32.4.5 port 47918
Sep 11 20:58:40 prd-ubuntu1804-docker-4c-4g-3458 sshd[1558]: Received disconnect from 10.32.4.5 port 47918:11: Closed due to user request. [preauth]
Sep 11 20:58:40 prd-ubuntu1804-docker-4c-4g-3458 sshd[1558]: Disconnected from invalid user jenkins 10.32.4.5 port 47918 [preauth]
Sep 11 20:58:42 prd-ubuntu1804-docker-4c-4g-3458 sshd[1568]: Invalid user jenkins from 10.32.4.5 port 47920
Sep 11 20:58:42 prd-ubuntu1804-docker-4c-4g-3458 sshd[1568]: Received disconnect from 10.32.4.5 port 47920:11: Closed due to user request. [preauth]
Sep 11 20:58:42 prd-ubuntu1804-docker-4c-4g-3458 sshd[1568]: Disconnected from invalid user jenkins 10.32.4.5 port 47920 [preauth]
Sep 11 20:58:45 prd-ubuntu1804-docker-4c-4g-3458 sshd[1691]: Invalid user jenkins from 10.32.4.5 port 47922
Sep 11 20:58:45 prd-ubuntu1804-docker-4c-4g-3458 sshd[1691]: Received disconnect from 10.32.4.5 port 47922:11: Closed due to user request. [preauth]
Sep 11 20:58:45 prd-ubuntu1804-docker-4c-4g-3458 sshd[1691]: Disconnected from invalid user jenkins 10.32.4.5 port 47922 [preauth]
Sep 11 20:58:47 prd-ubuntu1804-docker-4c-4g-3458 sshd[1799]: Invalid user jenkins from 10.32.4.5 port 47924
Sep 11 20:58:47 prd-ubuntu1804-docker-4c-4g-3458 sshd[1799]: Received disconnect from 10.32.4.5 port 47924:11: Closed due to user request. [preauth]
Sep 11 20:58:47 prd-ubuntu1804-docker-4c-4g-3458 sshd[1799]: Disconnected from invalid user jenkins 10.32.4.5 port 47924 [preauth]
Sep 11 20:58:49 prd-ubuntu1804-docker-4c-4g-3458 sshd[1835]: Invalid user jenkins from 10.32.4.5 port 47928
Sep 11 20:58:49 prd-ubuntu1804-docker-4c-4g-3458 sshd[1835]: Received disconnect from 10.32.4.5 port 47928:11: Closed due to user request. [preauth]
Sep 11 20:58:49 prd-ubuntu1804-docker-4c-4g-3458 sshd[1835]: Disconnected from invalid user jenkins 10.32.4.5 port 47928 [preauth]
Sep 11 20:58:51 prd-ubuntu1804-docker-4c-4g-3458 sshd[1843]: Invalid user jenkins from 10.32.4.5 port 47932
Sep 11 20:58:51 prd-ubuntu1804-docker-4c-4g-3458 sshd[1843]: Received disconnect from 10.32.4.5 port 47932:11: Closed due to user request. [preauth]
Sep 11 20:58:51 prd-ubuntu1804-docker-4c-4g-3458 sshd[1843]: Disconnected from invalid user jenkins 10.32.4.5 port 47932 [preauth]
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 sshd[1867]: Invalid user jenkins from 10.32.4.5 port 47936
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 sshd[1867]: Received disconnect from 10.32.4.5 port 47936:11: Closed due to user request. [preauth]
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 sshd[1867]: Disconnected from invalid user jenkins 10.32.4.5 port 47936 [preauth]
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 useradd[1871]: new group: name=jenkins, GID=1001
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 useradd[1871]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 usermod[1891]: add 'jenkins' to group 'docker'
Sep 11 20:58:53 prd-ubuntu1804-docker-4c-4g-3458 usermod[1891]: add 'jenkins' to shadow group 'docker'
Sep 11 20:58:55 prd-ubuntu1804-docker-4c-4g-3458 sshd[1935]: Accepted publickey for jenkins from 10.32.4.5 port 47938 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Sep 11 20:58:55 prd-ubuntu1804-docker-4c-4g-3458 sshd[1935]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Sep 11 20:58:55 prd-ubuntu1804-docker-4c-4g-3458 systemd-logind[1040]: New session 1 of user jenkins.
Sep 11 20:58:55 prd-ubuntu1804-docker-4c-4g-3458 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Sep 11 20:59:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[2141]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 11 20:59:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[2141]: pam_unix(cron:session): session closed for user root
Sep 11 21:00:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[2789]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 11 21:00:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[2789]: pam_unix(cron:session): session closed for user root
Sep 11 21:01:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[2861]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 11 21:01:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[2861]: pam_unix(cron:session): session closed for user root
Sep 11 21:02:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[3803]: pam_unix(cron:session): session opened for user root by (uid=0)
Sep 11 21:02:01 prd-ubuntu1804-docker-4c-4g-3458 CRON[3803]: pam_unix(cron:session): session closed for user root
Sep 11 21:02:09 prd-ubuntu1804-docker-4c-4g-3458 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Sep 11 21:02:09 prd-ubuntu1804-docker-4c-4g-3458 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)