Best Linux One Liners

Here is a collection of my favourite Linux one-liners. Linux is such a versatile operating system that you can string commands consecutively to make a command that perfectly fits your requirements.

Print Login Session Information

Find the last users who have logged onto your system.

last  | grep -v "^$" | awk '{ print $1 }' | sort -nr | uniq -c

Let’s break down the command step by step:

  1. last: This command shows a list of the most recent login sessions on the system.
  2. |: This symbol is a pipe that takes the output of the command on its left and uses it as input for the command on its right.
  3. grep -v “^$”: This command, when combined with last, filters out blank lines from the output. grep -v is used to select lines that do not match a specific pattern, in this case, ^$, which represents an empty line.
  4. awk ‘{ print $1 }’: After filtering out the blank lines, awk is used to print only the first column of the output. By default, awk separates columns by whitespace, so $1 refers to the first column.
  5. sort -nr: This command sorts the output numerically (-n) in reverse order (-r). It sorts the login session information in descending order based on the numerical values in the first column.
  6. uniq -c: Finally, uniq -c displays unique lines from the sorted input and counts the occurrences of each line. In this case, it counts the number of occurrences of each login session in the sorted list.

So, in summary, the command sequence fetches the login session information, filters out blank lines, extracts the first column (presumably usernames or session IDs), sorts them in descending numerical order, and then counts the occurrences of each unique login session.

Set a console clock in the Terminal

I stumbled upon this amazing one-liner. Credit to the original website:

$while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done &

Here’s what each part of the command does:

  • while sleep 1; do ... done &: This starts a loop that repeats the commands inside it every second (sleep 1) in the background (&). It continuously executes the commands within the loop, updating the information displayed on the screen.
  • tput sc: tput sc saves the current cursor position. It remembers where the cursor is before it moves it.
  • tput cup 0 $(($(tput cols)-29)): tput cup moves the cursor to a specified position on the terminal screen. In this case, it moves the cursor to the top line (0) and calculates the column position by subtracting 29 from the total number of columns (tput cols). This position is used to display the output of the date command.
  • date: This command prints the current date and time to the specified location on the terminal screen.
  • tput rc: tput rc restores the saved cursor position to where it was previously saved (tput sc). After printing the date, this command brings the cursor back to its original position before the tput sc.

Overall, this command creates a continuously updating display of the current date and time on the terminal screen, positioned at the top right corner (approximately 29 columns from the right edge) while preserving the cursor’s original position elsewhere on the screen.

List the Largest directories on your Computer

sudo du -h --max-depth=1 / | sort -hr

Let’s break down the components of this command:

  • sudo: This command is used to execute subsequent commands with elevated privileges, often requiring administrator permissions.
  • du -h --max-depth=1 /: The du command stands for “disk usage” and is used to estimate file and directory space usage. In this case:
    • -h flag stands for “human-readable,” displaying file sizes in a format that is easier for humans to understand, such as KB, MB, GB, etc.
    • --max-depth=1 sets the maximum depth to 1, restricting the output to only the immediate directories and their sizes within the specified path, which is the root directory /.
  • |: This is the pipe operator, which takes the output of the command on its left and uses it as input for the command on its right. It allows chaining multiple commands together.
  • sort -hr: This part of the command sorts the output received from du in reverse numerical (-n) order and in a human-readable (-h) format. The flags used here are:
    • -h: Sort human-readable numbers (e.g., 2K, 1G).
    • -r: Reverse the result of comparisons, displaying the largest sizes first.

Example Output:

77G	/
46G	/home
11G	/snap
8.4G	/usr
8.3G	/var
2.6G	/installables
1014M	/opt
349M	/boot
15M	/etc
8.8M	/tmp

So, when executed, this command essentially lists the sizes of directories within the root directory, displaying them in human-readable format and sorting them in descending order based on their sizes. This can be very helpful for identifying large directories and their sizes, aiding in disk space management and understanding where the storage is being utilized the most.

Get Important System Information

This awesome one-liner pulls out lots of important information about your local machine

echo -e "System Info:
- Hostname: $(hostname)
- Current User: $(whoami)
- CPU: $(grep 'model name' /proc/cpuinfo | uniq | sed 's/model name\s*:\s*//')
- RAM: $(free -h | awk '/^Mem/ {print $2}')
- Disks: $(lsblk | grep -c disk)
- Last Reboot: $(who -b | awk '{print $3, $4}')
- Power On Time: $(uptime -p)
- Current Date and Time: $(date '+%Y-%m-%d %H:%M:%S')
- OS: $(lsb_release -d | cut -f2-)"

Let’s break it down step by step:

  1. echo -e: This command is used to print the following text, and the -e flag enables the interpretation of backslash escapes.
  2. "System Info: ... OS: ": This is a string that serves as the header for the system information.
  3. $(hostname): Prints the current system’s hostname.
  4. $(whoami): Prints the username of the current user.
  5. $(grep 'model name' /proc/cpuinfo | uniq | sed 's/model name\s*:\s*//'): Retrieves the CPU model information by searching the /proc/cpuinfo file, then removes duplicate lines using uniq, and finally uses sed to remove the “model name” label.
  6. $(free -h | awk '/^Mem/ {print $2}'): Displays the total RAM by using the free command to show memory usage in a human-readable format (-h), and awk is used to print the second column of the line starting with “Mem,” which represents the total memory.
  7. $(lsblk | grep -c disk): Counts the number of disks by listing block devices with lsblk and counting the lines containing the word “disk” using grep -c.
  8. $(who -b | awk '{print $3, $4}'): Shows the last reboot time by using the who command with the -b flag to display the system boot time. awk is then used to print the third and fourth columns.
  9. $(uptime -p): Prints the system’s uptime in a human-readable format.
  10. $(date '+%Y-%m-%d %H:%M:%S'): Displays the current date and time in the specified format.
  11. $(lsb_release -d | cut -f2-): Retrieves the operating system description using lsb_release and extracts the second field onwards using cut.

The entire command combines these components to produce a comprehensive system information summary with details about the hostname, current user, CPU, RAM, disks, last reboot, power-on time, current date and time, and the operating system.

Elsewhere On TurboGeek:  PowerShell OneLiners for Active Directory

Journalctl Command to Filter and Count Error Messages

journalctl is a utility in Linux systems for querying and displaying logs from the systemd journal. When managing virtual environments like VMware, it can be helpful to scan logs for error messages to identify potential issues. The command presented here searches for error-related entries in the systemd journal and counts how many times each executable generated an error message, all formatted neatly for analysis.

journalctl --no-pager --since today \
--grep 'fail|error|fatal' --output json|jq '._EXE' | \
sort | uniq -c | sort --numeric --reverse --key 1

Command Explanation

  • journalctl --no-pager --since today --grep 'fail|error|fatal' --output json|jq '._EXE' | sort | uniq -c | sort --numeric --reverse --key 1:
    1. journalctl --no-pager --since today: The journalctl command fetches logs from the systemd journal. The --no-pager flag prevents the output from being piped into a pager like less. The --since today parameter limits the search to logs generated since the beginning of the current day.
    2. --grep 'fail|error|fatal': This flag filters the logs to only include entries containing the terms “fail,” “error,” or “fatal.”
    3. --output json: Outputs the filtered logs in JSON format.
    4. jq '._EXE': The jq command parses the JSON output to extract the value of the _EXE key, which represents the executable that generated the log entry.
    5. sort: Sorts the extracted executable names.
    6. uniq -c: Counts the occurrences of each unique executable name.
    7. sort --numeric --reverse --key 1: Finally, sorts the count and executable name in descending order, making it easy to identify which executables are generating the most error messages.


Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate ยป