diff --git a/README.md b/README.md index ac7caad..04d733a 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,12 @@ # denyhosts ssh防止暴力破解. 记录mail server的一些信息,攻击IP等. -- 适用Debian 8、9 +- 适用Debian 8、9 + +cd /root +git clone https://github.com/niuyuling/denyhosts.git +chmod a+x /root/denyhosts/denyhosts.sh crontab 定时任务,像这样. - -0 22 * * * /root/mail.log.sh +0 22 * * * /root/denyhosts/denyhosts.sh diff --git a/denyhosts.sh b/denyhosts.sh index ef465f5..057a344 100644 --- a/denyhosts.sh +++ b/denyhosts.sh @@ -7,7 +7,7 @@ # function init() { - num=9; + num=20; send_mail=1; pwd_path="/root"; TIME=`date +"%Y%m%d%H%M"`; @@ -29,9 +29,9 @@ function run() echo "Network Connections" &>> ${log_file} netstat -tnulp &>> ${log_file} - echo "System authorization information:" &>> ${log_file} - /root/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} - ip=$(echo $(/root/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')) + echo "System SSH authorization information:" &>> ${log_file} + /root/denyhosts/rhost | awk '{a[$1]+=1;} END {for(i in a){print a[i]" "i;}}' &>> ${log_file} + ip=$(echo $(/root/denyhosts/rhost | awk -v num=${num} '{a[$1]+=1;} END {for(i in a){if (a[i] >= num) {print i;}}}')) ip_address=($ip) @@ -58,5 +58,6 @@ run; exit 0; 20190103 20190911 +20191008 aixiao@aixiao.me diff --git a/rhost b/rhost new file mode 100644 index 0000000..7c397cd Binary files /dev/null and b/rhost differ diff --git a/rhost.c b/rhost.c index 077f922..85ecd1d 100644 --- a/rhost.c +++ b/rhost.c @@ -18,7 +18,7 @@ int main(int argc, char *argv[]) p = localtime(&timep); char p1[2]; - if (p->tm_mday > 10) { + if (p->tm_mday >= 10) { if ((fp = popen ("grep -E \"^$(date \"+%h\").$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost", 
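Review bot: `num` on the changed line in init() goes from 9 to 20 with nothing saying what it counts, and init() is the only place a reader would look; from the run() hunk further down it is the per-source count of matching auth.log failure lines at or above which an address is collected into `ip`, so changing it silently changes which addresses get listed. Add a comment above the assignment, `# num: failure lines per source address (rhost output, today) needed before the address is collected`. The body of init() continues past the end of the hunk.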
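Review bot: The new lines in run() hard-code `/root/denyhosts/rhost` twice and execute it twice, so `/var/log/auth.log` is scanned two times per cron run and `pwd_path` from init() is left unused; capture the output once with `rhost_out=$(/root/denyhosts/rhost)` and feed `echo "${rhost_out}"` to both awk pipelines. rhost returns 1 with no output when its popen fails (rhost.c, the else branch in this diff), which this script cannot tell apart from "no attackers", so log the failure, e.g. `rhost_out=$(/root/denyhosts/rhost) || echo "rhost failed" &>> ${log_file}`. Note also that what root's crontab runs here is the prebuilt `rhost` binary added in this same commit; building it from rhost.c at install time would keep the code that runs as root auditable. run() starts before and continues after this hunk.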
@@ -28,7 +28,7 @@ int main(int argc, char *argv[])
 } else {
 if ((fp = popen
-("grep -E \"^$(date \"+%h\")..$(date \"+%d\")\" /var/log/auth.log | grep failure | grep rhost",
+("grep -E \"^$(date \"+%h\")..$(date | awk '{print $3}')\" /var/log/auth.log | grep failure | grep rhost",
 "r")) == NULL) {
 return 1;
 }
diff --git a/rhost.o b/rhost.o
new file mode 100644
index 0000000..76e9a4d
Binary files /dev/null and b/rhost.o differ
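Review bot: The day-of-month on the changed popen line is taken from the third whitespace field of unformatted `date` output, which depends on LC_TIME: under a non-C locale field 3 can be a different part of the date or carry a suffix (zh_CN prints `08日`), so the pattern matches nothing and the tool reports no failures for the first nine days of the month. A format specifier removes the problem and the branching: `popen("grep -E \"^$(date \"+%b %e\")\" /var/log/auth.log | grep failure | grep rhost", "r")`, since `%e` yields the space-padded day (` 9`, `10`) of the traditional `Mmm dd` syslog timestamp that the existing `..`/`.` wildcards are emulating, so the `tm_mday` if/else that begins in the previous hunk could collapse to a single popen. The command string is fixed text, so there is no injection path here, but an empty grep result and a failed popen still look the same to the caller. main() continues outside this hunk.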