Feb  5 20:57:45 prd-ubuntu1804-docker-4c-4g-5138 passwd[927]: password for 'ubuntu' changed by 'root'
Feb  5 20:57:45 prd-ubuntu1804-docker-4c-4g-5138 systemd-logind[1067]: Watching system buttons on /dev/input/event0 (Power Button)
Feb  5 20:57:45 prd-ubuntu1804-docker-4c-4g-5138 systemd-logind[1067]: Watching system buttons on /dev/input/event1 (AT Translated Set 2 keyboard)
Feb  5 20:57:45 prd-ubuntu1804-docker-4c-4g-5138 systemd-logind[1067]: New seat seat0.
Feb  5 20:57:45 prd-ubuntu1804-docker-4c-4g-5138 sshd[1172]: Server listening on 0.0.0.0 port 22.
Feb  5 20:57:45 prd-ubuntu1804-docker-4c-4g-5138 sshd[1172]: Server listening on :: port 22.
Feb  5 20:57:47 prd-ubuntu1804-docker-4c-4g-5138 sshd[1357]: Did not receive identification string from 10.32.4.5 port 42608
Feb  5 20:57:52 prd-ubuntu1804-docker-4c-4g-5138 sshd[1490]: Invalid user jenkins from 10.32.4.5 port 42616
Feb  5 20:57:52 prd-ubuntu1804-docker-4c-4g-5138 sshd[1490]: Received disconnect from 10.32.4.5 port 42616:11: Closed due to user request. [preauth]
Feb  5 20:57:52 prd-ubuntu1804-docker-4c-4g-5138 sshd[1490]: Disconnected from invalid user jenkins 10.32.4.5 port 42616 [preauth]
Feb  5 20:57:54 prd-ubuntu1804-docker-4c-4g-5138 sshd[1500]: Invalid user jenkins from 10.32.4.5 port 42618
Feb  5 20:57:54 prd-ubuntu1804-docker-4c-4g-5138 sshd[1500]: Received disconnect from 10.32.4.5 port 42618:11: Closed due to user request. [preauth]
Feb  5 20:57:54 prd-ubuntu1804-docker-4c-4g-5138 sshd[1500]: Disconnected from invalid user jenkins 10.32.4.5 port 42618 [preauth]
Feb  5 20:57:56 prd-ubuntu1804-docker-4c-4g-5138 sshd[1502]: Invalid user jenkins from 10.32.4.5 port 42620
Feb  5 20:57:56 prd-ubuntu1804-docker-4c-4g-5138 sshd[1502]: Received disconnect from 10.32.4.5 port 42620:11: Closed due to user request. [preauth]
Feb  5 20:57:56 prd-ubuntu1804-docker-4c-4g-5138 sshd[1502]: Disconnected from invalid user jenkins 10.32.4.5 port 42620 [preauth]
Feb  5 20:57:58 prd-ubuntu1804-docker-4c-4g-5138 sshd[1522]: Invalid user jenkins from 10.32.4.5 port 42624
Feb  5 20:57:58 prd-ubuntu1804-docker-4c-4g-5138 sshd[1522]: Received disconnect from 10.32.4.5 port 42624:11: Closed due to user request. [preauth]
Feb  5 20:57:58 prd-ubuntu1804-docker-4c-4g-5138 sshd[1522]: Disconnected from invalid user jenkins 10.32.4.5 port 42624 [preauth]
Feb  5 20:58:00 prd-ubuntu1804-docker-4c-4g-5138 sshd[1524]: Invalid user jenkins from 10.32.4.5 port 42626
Feb  5 20:58:00 prd-ubuntu1804-docker-4c-4g-5138 sshd[1524]: Received disconnect from 10.32.4.5 port 42626:11: Closed due to user request. [preauth]
Feb  5 20:58:00 prd-ubuntu1804-docker-4c-4g-5138 sshd[1524]: Disconnected from invalid user jenkins 10.32.4.5 port 42626 [preauth]
Feb  5 20:58:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[1526]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 20:58:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[1526]: pam_unix(cron:session): session closed for user root
Feb  5 20:58:02 prd-ubuntu1804-docker-4c-4g-5138 sshd[1534]: Invalid user jenkins from 10.32.4.5 port 42628
Feb  5 20:58:02 prd-ubuntu1804-docker-4c-4g-5138 sshd[1534]: Received disconnect from 10.32.4.5 port 42628:11: Closed due to user request. [preauth]
Feb  5 20:58:02 prd-ubuntu1804-docker-4c-4g-5138 sshd[1534]: Disconnected from invalid user jenkins 10.32.4.5 port 42628 [preauth]
Feb  5 20:58:05 prd-ubuntu1804-docker-4c-4g-5138 sshd[1536]: Invalid user jenkins from 10.32.4.5 port 42632
Feb  5 20:58:05 prd-ubuntu1804-docker-4c-4g-5138 sshd[1536]: Received disconnect from 10.32.4.5 port 42632:11: Closed due to user request. [preauth]
Feb  5 20:58:05 prd-ubuntu1804-docker-4c-4g-5138 sshd[1536]: Disconnected from invalid user jenkins 10.32.4.5 port 42632 [preauth]
Feb  5 20:58:07 prd-ubuntu1804-docker-4c-4g-5138 sshd[1619]: Invalid user jenkins from 10.32.4.5 port 42638
Feb  5 20:58:07 prd-ubuntu1804-docker-4c-4g-5138 sshd[1619]: Received disconnect from 10.32.4.5 port 42638:11: Closed due to user request. [preauth]
Feb  5 20:58:07 prd-ubuntu1804-docker-4c-4g-5138 sshd[1619]: Disconnected from invalid user jenkins 10.32.4.5 port 42638 [preauth]
Feb  5 20:58:09 prd-ubuntu1804-docker-4c-4g-5138 sshd[1770]: Invalid user jenkins from 10.32.4.5 port 42640
Feb  5 20:58:09 prd-ubuntu1804-docker-4c-4g-5138 sshd[1770]: Received disconnect from 10.32.4.5 port 42640:11: Closed due to user request. [preauth]
Feb  5 20:58:09 prd-ubuntu1804-docker-4c-4g-5138 sshd[1770]: Disconnected from invalid user jenkins 10.32.4.5 port 42640 [preauth]
Feb  5 20:58:11 prd-ubuntu1804-docker-4c-4g-5138 sshd[1805]: Invalid user jenkins from 10.32.4.5 port 42642
Feb  5 20:58:11 prd-ubuntu1804-docker-4c-4g-5138 sshd[1805]: Received disconnect from 10.32.4.5 port 42642:11: Closed due to user request. [preauth]
Feb  5 20:58:11 prd-ubuntu1804-docker-4c-4g-5138 sshd[1805]: Disconnected from invalid user jenkins 10.32.4.5 port 42642 [preauth]
Feb  5 20:58:13 prd-ubuntu1804-docker-4c-4g-5138 sshd[1812]: Invalid user jenkins from 10.32.4.5 port 42644
Feb  5 20:58:13 prd-ubuntu1804-docker-4c-4g-5138 sshd[1812]: Received disconnect from 10.32.4.5 port 42644:11: Closed due to user request. [preauth]
Feb  5 20:58:13 prd-ubuntu1804-docker-4c-4g-5138 sshd[1812]: Disconnected from invalid user jenkins 10.32.4.5 port 42644 [preauth]
Feb  5 20:58:15 prd-ubuntu1804-docker-4c-4g-5138 sshd[1829]: Invalid user jenkins from 10.32.4.5 port 42646
Feb  5 20:58:15 prd-ubuntu1804-docker-4c-4g-5138 sshd[1829]: Received disconnect from 10.32.4.5 port 42646:11: Closed due to user request. [preauth]
Feb  5 20:58:15 prd-ubuntu1804-docker-4c-4g-5138 sshd[1829]: Disconnected from invalid user jenkins 10.32.4.5 port 42646 [preauth]
Feb  5 20:58:16 prd-ubuntu1804-docker-4c-4g-5138 useradd[1845]: new group: name=jenkins, GID=1001
Feb  5 20:58:16 prd-ubuntu1804-docker-4c-4g-5138 useradd[1845]: new user: name=jenkins, UID=1001, GID=1001, home=/home/jenkins, shell=/bin/bash
Feb  5 20:58:16 prd-ubuntu1804-docker-4c-4g-5138 usermod[1852]: add 'jenkins' to group 'docker'
Feb  5 20:58:16 prd-ubuntu1804-docker-4c-4g-5138 usermod[1852]: add 'jenkins' to shadow group 'docker'
Feb  5 20:58:18 prd-ubuntu1804-docker-4c-4g-5138 sshd[1898]: Accepted publickey for jenkins from 10.32.4.5 port 42648 ssh2: RSA SHA256:MwkAMVxCcf5mjE3h3rXSsWkdX5TtX0v/kuPsZexJ1qI
Feb  5 20:58:18 prd-ubuntu1804-docker-4c-4g-5138 sshd[1898]: pam_unix(sshd:session): session opened for user jenkins by (uid=0)
Feb  5 20:58:18 prd-ubuntu1804-docker-4c-4g-5138 systemd-logind[1067]: New session 2 of user jenkins.
Feb  5 20:58:18 prd-ubuntu1804-docker-4c-4g-5138 systemd: pam_unix(systemd-user:session): session opened for user jenkins by (uid=0)
Feb  5 20:59:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[2724]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 20:59:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[2724]: pam_unix(cron:session): session closed for user root
Feb  5 21:00:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[2772]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 21:00:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[2772]: pam_unix(cron:session): session closed for user root
Feb  5 21:01:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[3723]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  5 21:01:01 prd-ubuntu1804-docker-4c-4g-5138 CRON[3723]: pam_unix(cron:session): session closed for user root
Feb  5 21:01:05 prd-ubuntu1804-docker-4c-4g-5138 sudo:  jenkins : TTY=unknown ; PWD=/w/workspace/it-dep-secret-docker-merge-master ; USER=root ; COMMAND=/bin/cp /var/log/auth.log /tmp
Feb  5 21:01:05 prd-ubuntu1804-docker-4c-4g-5138 sudo: pam_unix(sudo:session): session opened for user root by (uid=0)