Hi!
A real cool security benefit would be a User Lockout // Bad Password Counter for Local Users.
An Admin can specify a policy that after a defined amount of Bad Password counts, a user will be blocked for a defined amount of time or even locked out permanently so admin action would be required.
Example:
An Admin configures 20pwd per user and a block time for 30minutes, so the user can login after that without admin action
The Problem with Fail2Ban is that most of Admins do not seperately install + configure things, so it would be a security benefit for a lot of people with less knowledge (we really have to protect them) and reduces the external dependencies