Brute force protection? (fail2ban, iptables)

I am a beginner at setting up servers, and I would like to add some form of protection against bots/bruteforce authentication.

  1. Does anyone have a fail2ban config for the kanboard error logs that they don’t mind sharing? I have been trying to set it up but the regex stumps me.

  2. Is there a way to display captcha/lockouts for incorrect USERNAME bruteforces? Right now, Kanboard only tracks the max-retry value for each USERNAME, but does not protect against bruteforces searches of USERNAMES. Similar question to #3642. I have tried looking through the codebase under AuthValidator.php, AuthController.php and AuthSubscriber.php but I dont see an easy way to track the number of retries.