It depends on who you can trust. If you can trust anyone with root (or physical) access to the box, you could simple use a counter, and a secret key. Concatenate the secret key with the counter, and make a digest of them. Instead of a counter, you could use a timestamping feature of a database (anything that gives you a unique number - you don't have to care whether it's guessable).

What you are doing with the technique is basically combining two things, each of them supplying one the requirements you need. The secret key gives you something that's hard to guess - and the counter or timestamp gives you uniqueness.